General
Target: phish_alert_sp2_2.0.0.0.eml
Size: 12KB
Sample: 230122-yeeybshe98
MD5: a0a1d3029c6ef7f44fe7112bb59ea881
SHA1: b0bf8bf1de9209b87190a4dc2d267de72685bc27
SHA256: 694adfef602d2ea796b3feac4cfe9ebdc0dbeb0daaee501b76df53ce0260ad6c
SHA512: f1fabfa69533b20ec65bf14a3048f63f6fbf13c85e1e153b26e7b74d1111a3e916ee832ed2e9ce4e4dc6b7ec9e2290322c818add3cb0aabb65e8ae6f918e3ec6
SSDEEP: 192:ZIsmfIKrYS7R7j+Uvdb5fzJ5MVPFPDk28qldd5So7cbmflrhyF0KH:ismwKrYKRtvbfWDkYjd5Smcbmfl1C
Static task
static1
Malware Config
Extracted
bandook
bomes.ru
Targets
Target: email-html-1.txt
Size: 3KB
MD5: f0fe336642eeaa0c37b7094fd1494905
SHA1: 69e61a0c83aa7603e4b09e3070da6f17548402d6
SHA256: 47c1a0979af792d31e74f1159ca97836d3bf8f3ac37e2bec940aa93aa1eda6a1
SHA512: b187364e4150b18ac90d306d4ba04eecdb24f16f0c06e4e42c1c36f50ecacbcc6ac10440d6575e78bdb75e92b1f5cc6a5c53a6ab5a5b24411029c011092d4886
Bandook payload
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext