General
Target: New order RI326-10-2022_final_order.exe
Size: 558KB
Sample: 221124-yttp2aae6s
MD5: e62922b803afddf517121cea2aa4593e
SHA1: c1a212d120c9853656cf9eac6f851da4b358bed5
SHA256: af39fbe823fae738dd65381453b2b5caf1e3bac99e55fa3e2c7607453a9ab82c
SHA512: 4a6d7f10a16d12386a7df87dd9426e16bf90f50afc0900bea2e5a6ad68eb6ddbaec726bb333d4372ebca43d45a60576daabb5824c9056f00b705d40a571d0c41
SSDEEP: 12288:iBTUAKex4Vfd2NGflmA44b2xlnWKcTZlLg6A9BDYOKxdJ:mYh2oG4jTPo9BDYN

Static task: static1
Behavioral task: behavioral1
Sample: New order RI326-10-2022_final_order.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: New order RI326-10-2022_final_order.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: New order RI326-10-2022_final_order.exe
- Modifies WinLogon for persistence
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
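The signature names above are the sandbox's labels for behaviours it observed. The following is an added example, not part of the report and not the sample's own code, showing how an analyst would re-check the same behaviours against a registry/API/network event trace. The event classes, the list of IP-echo hosts and every value in SAMPLE_EVENTS are assumptions constructed for the example; the Winlogon, Geo\Nation and Outlook profile registry paths are the standard ones these checks rely on.

```python
"""Re-implementation of the behavioural checks behind the report's signatures.

Added example, not code from the sandbox report or the sample: the event
records, field names and the concrete values in SAMPLE_EVENTS are constructed
for illustration.
"""
from dataclasses import dataclass

# Winlogon values that run at every interactive logon; anything appended to or
# substituted here is a persistence mechanism.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}
# Country code of the configured location, read by geofenced malware.
GEO_KEY = r"HKCU\Control Panel\International\Geo"
# Outlook profile data lives below this subkey (any Office version).
OUTLOOK_PROFILES = r"\outlook\profiles"
# Public IP echo services; this list is an assumption for the example.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}


@dataclass
class RegEvent:
    op: str          # "read" or "write"
    key: str
    value: str
    data: str = ""


@dataclass
class ApiEvent:
    api: str
    own_pid: int
    target_pid: int


@dataclass
class NetEvent:
    host: str


def winlogon_persistence(events):
    """Return Winlogon Userinit/Shell writes whose data is not the clean default."""
    return [f"{e.value} -> {e.data}" for e in events
            if isinstance(e, RegEvent) and e.op == "write"
            and e.key.lower() == WINLOGON_KEY.lower()
            and e.value in WINLOGON_DEFAULTS
            and e.data.strip().lower() != WINLOGON_DEFAULTS[e.value].lower()]


def geofence_lookup(events):
    """True if the configured country code (Geo\\Nation) was read."""
    return any(isinstance(e, RegEvent) and e.op == "read"
               and e.key.lower() == GEO_KEY.lower() and e.value.lower() == "nation"
               for e in events)


def outlook_profile_access(events):
    """True if any registry read touched an Outlook profile subkey."""
    return any(isinstance(e, RegEvent) and e.op == "read"
               and OUTLOOK_PROFILES in e.key.lower() for e in events)


def external_ip_lookup(events):
    """Hosts contacted that are known public-IP echo services."""
    return sorted({e.host.lower() for e in events
                   if isinstance(e, NetEvent) and e.host.lower() in IP_LOOKUP_HOSTS})


def cross_process_set_thread_context(events):
    """PIDs whose thread context was rewritten by another process (hollowing step)."""
    return [e.target_pid for e in events
            if isinstance(e, ApiEvent) and e.api == "SetThreadContext"
            and e.target_pid != e.own_pid]


def triage(events):
    """Map each triggered signature (named as in the report) to its evidence."""
    sigs = {}
    if hits := winlogon_persistence(events):
        sigs["Modifies WinLogon for persistence"] = hits
    if geofence_lookup(events):
        sigs["Checks computer location settings"] = True
    if outlook_profile_access(events):
        sigs["Accesses Microsoft Outlook profiles"] = True
    if hosts := external_ip_lookup(events):
        sigs["Looks up external IP address via web service"] = hosts
    if pids := cross_process_set_thread_context(events):
        sigs["Suspicious use of SetThreadContext"] = pids
    return sigs


# Constructed trace standing in for a sandbox's registry/API/network log.
SAMPLE_EVENTS = [
    RegEvent("read", GEO_KEY, "Nation", "244"),
    RegEvent("write", WINLOGON_KEY, "Userinit",
             r"C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\x.exe"),
    RegEvent("read", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
             "Default Profile"),
    ApiEvent("SetThreadContext", own_pid=4321, target_pid=1234),
    NetEvent("checkip.dyndns.org"),
]

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The Winlogon check compares against the clean defaults rather than alerting on any write, since legitimate installers do touch Shell; the SetThreadContext check only fires when the target thread belongs to a different process, which is the step that distinguishes injection from ordinary debugging of one's own threads.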