General
Target: 72dd3abc3cebc1245b26cebe7c117b2b
Size: 1.7MB
Sample: 240124-z1wzeahag4
MD5: 72dd3abc3cebc1245b26cebe7c117b2b
SHA1: 2366f542144cbaf8fa073ffc92fde2c6874bbf45
SHA256: e304f7bd1dcd5e4dd77baaa2a88daf2d7885eac6ce577b497bfae9c3636015d5
SHA512: 0e5872283d7719e5e6d41f5b9acbf7b0718ace7d4580f9a3f181b155eba446b75ed8b5ef339d92de168b5dd978d985a304386a1dc7ca8bb5e90d270a708c6ac9
SSDEEP: 24576:wUhxVrRRMijyH0oOVp1QeYWn6ShHUOb/06XWBq/g792OiVYUUh0zBWBsH:wwnrryUoOpgW3Z06GBEQrSk8
Static task: static1
Behavioral task: behavioral1
  Sample: Dunes Industries P03356.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: Dunes Industries P03356.exe
  Resource: win10v2004-20231215-en
Behavioral task: behavioral3
  Sample: Dunes Industries P03356202114.exe
  Resource: win7-20231215-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: admin@evapimlogs.com
Password: BkKMmzZ1
Extracted: xloader
2.3
ipa8
royalposhpups.com
univa.world
lanerbo.com
shopbabygo.com
theutahhomestore.com
serialmixer.icu
linfeiya.com
xn--12cg3de5c2eb5cyi.com
am-conseil-communication.com
dailygame168.com
therightmilitia.com
visions-agency.com
mapopi.com
frugallyketo.com
guapandglo.com
54w-x126v.net
your-health-kick.com
blockchainhub360.com
registernowhd.xyz
votekellykitashima.com
astyaviewer.com
kinnonstudio.com
calerie.coffee
oqity.com
ia3v0m.com
maryland-real-estates.com
rwaafd.com
mnavn.com
valhallamedics.com
realbetisbalompie.xyz
askaboutaduhelm.com
sazekav.com
jxhg163.com
littlescampers.com
northwayenterprise.com
miotir.com
pastelpastrybakery.com
thebandaiderepair.com
plastings.com
hubrisnewyork.com
mervperu.com
calvarirumba.com
evidencemetrics.com
privedenim.com
thebreedersbuddy.info
poolsnation.com
lessonex.com
bainrix.com
celiktarim.com
ortodonciaberistain.com
curtisbigelow.net
golfwifi.net
instrumentum.store
legacymediaentertainment.com
okwideus.com
rixmusic.com
best123-movies.com
edwardsrealtyfl.rentals
beaumontcycleworks.com
abolad.com
hydrarobuxobby.com
addisonbleu.com
xiang-life.net
tailored2fit.online
desarrollosolucionesnavarro.com
Targets
Target: Dunes Industries P03356.exe
Size: 1.0MB
MD5: 3ea15007d1dbb5b1ed0714d5c42868dc
SHA1: a3b512dbdd64c9e822dcdd3f16b6297a2e91a2d4
SHA256: 42b7d6c812a0fdefa87e7d48c1170babffe26932c12ea2037ea7161c2061c724
SHA512: c1c1e59e9bfed230ec7e9f4cdec261307e0eb889788acd2966f4a6973d9d8262ff40974687a4fede179320b05383147ee4316debab3781467b07db5015b42aaa
SSDEEP: 12288:Q3vll2iNIGnXcjcx1zaHiYmn2TsH2iJBAy3olSHB3xU5z/qphBqCz:K1qYXePm2jo8uVuqdq
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: Dunes Industries P03356202114.exe
Size: 1.0MB
MD5: d4ea38bc35cb738b29f73e6750923a95
SHA1: 8a4d5b7fa21b73f189b82565e3748368148b6a26
SHA256: 3edf6811850efc722b39737bf3623a42127e728f0c32a0a6ab7c66044838d307
SHA512: b72774638a4dd856220117dc9f29bacf0166db6519ecd1f023a446829d403715d6b4a2d8bbb9783b32e412376194e63368a300d1ac326e440c40d9ff6128d958
SSDEEP: 12288:xVo8KtS2iNQ3HIKYl/jNCr65sT9BE0U7EA/CU1McIJca:oS1sYlZ5sT920w91M3
- Xloader payload
- Suspicious use of SetThreadContext