General
-
Target
ATM Dekont E-Maili pdf.exe
-
Size
320KB
-
Sample
240313-rb4zqaee51
-
MD5
857f57632320c296ed42603d5dc50753
-
SHA1
5383f9059896b7f871d7c974ed887aced42789f7
-
SHA256
7199c9f3d8524e27b8fd14131f0992eb16433d0aa21563805f7fee29e773e719
-
SHA512
269b4f8961667c44edef79527cb70b5b53e5dd062fc4a4e28ab79ba4049415c29499b0cb1f9f0967a03dda197a3ff3784316e73171e479449daa461230da4930
-
SSDEEP
6144:6PBJmR7777rL0DWuRbao46Li4/bPrCt9UHNxizH+zyfw4spWJy:6PmjuRbn4qjTPOtQNxDzyo4spl
Behavioral task
behavioral1
Sample
ATM Dekont E-Maili pdf.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ATM Dekont E-Maili pdf.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
ATM Dekont E-Maili pdf.exe
-
Size
320KB
-
MD5
857f57632320c296ed42603d5dc50753
-
SHA1
5383f9059896b7f871d7c974ed887aced42789f7
-
SHA256
7199c9f3d8524e27b8fd14131f0992eb16433d0aa21563805f7fee29e773e719
-
SHA512
269b4f8961667c44edef79527cb70b5b53e5dd062fc4a4e28ab79ba4049415c29499b0cb1f9f0967a03dda197a3ff3784316e73171e479449daa461230da4930
-
SSDEEP
6144:6PBJmR7777rL0DWuRbao46Li4/bPrCt9UHNxizH+zyfw4spWJy:6PmjuRbn4qjTPOtQNxDzyo4spl
-
Detect ZGRat V1
-
PureLog Stealer payload
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-