General
Target: RFQ Document.exe
Size: 336KB
Sample: 210928-gh1wjaafe9
MD5: 64468b2ab541687572ce6b435b41f2bd
SHA1: 893ae234d351c762ab388a7337c625e4b213da6e
SHA256: d3ac98cf64ca2fca455b2e4f002c3381bcee699cf64bbfaa076222209f834b1a
SHA512: 317c14df6c6d1dd3b120a28743eface80474d7140515d61d0a00c326a923f56c71d7135907e2c2d5f17cba1b5746bb19ae5262cf656a098ebd94adba82cc2db8
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ Document.exe; Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: RFQ Document.exe; Resource: win10-en-20210920)
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot1926537393:AAHGSUhtLeQU8qms_2blDH9qpvo-fEuwi9E/sendMessage?chat_id=1664748411
Targets
Target: RFQ Document.exe (336KB; same MD5/SHA1/SHA256/SHA512 as listed under General)
Score: 10/10
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext