General
Target: 03edd9089e8b4ae765b00bcd4c0a32c4_JaffaCakes118
Size: 1.1MB
Sample: 240622-1ffblavemg
MD5: 03edd9089e8b4ae765b00bcd4c0a32c4
SHA1: 34d8bb65924bfd5714ee29da6248b76074ebcb79
SHA256: ec0cfb683c86b7c46ca9f58ff374f9623381b8899bb515ea780d072937449055
SHA512: 2545b5d833e47aadd987e852a38bc2899faf80043e8fb764a8b7d9bc446e28f69dd3eb15f8b4b087cd04ee6d4c80722a221a5a2c3801d887a572f218b1fffd04
SSDEEP: 24576:TA7DADNj8mbb0FRlYp5qGPZ+BtLiy5suzq+1hwhEP5Zk05bo+Jb1w:TA7DADB84b0FDy5X+BD5nzqq2EZBo+J6
Static task: static1
Behavioral task: behavioral1
  Sample: Purchase Order_pdf.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: Purchase Order_pdf.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.sydneylaptops.com.au
Port: 587
Username: [email protected] (address masked in source)
Password: Ijeomam288@
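The extracted config above is the exfiltration channel: Snake Keylogger mails its harvested data through an SMTP account, so the host, port and credentials are the actionable part of this report. The script below is an added example, not part of the sandbox report or of the Snake Keylogger tooling. It parses the config block in the flattened form the report renders it (the " - " separators are run into the neighbouring values, and the username is masked in the source), derives indicators from it, and hunts for the exfil server in constructed DNS and connection logs whose formats are assumed for the example.

```python
"""Added example: turn the Snake Keylogger SMTP exfiltration config shown in the
report into indicators and hunt for them in constructed telemetry.
Not part of the sandbox report; the log formats below are assumed."""
import re
from dataclasses import dataclass

# The config block as the report renders it; extraction has run the " - "
# separators into the neighbouring values. The username is masked in the source.
REPORT_CONFIG = (
    "Protocol: smtp- Host:\n"
    "mail.sydneylaptops.com.au - Port:\n"
    "587 - Username:\n"
    "[email protected] - Password:\n"
    "Ijeomam288@"
)

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
LABEL_RE = re.compile(r"(" + "|".join(FIELDS) + r"):")


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Split on the 'Key:' labels rather than on the damaged ' - ' separators."""
    flat = " ".join(text.split())
    parts = LABEL_RE.split(flat)          # ['', 'Protocol', ' smtp- ', 'Host', ...]
    keys, values = parts[1::2], parts[2::2]
    if tuple(keys) != FIELDS:
        raise ValueError(f"unexpected field layout: {keys}")
    cleaned = {}
    for i, (key, value) in enumerate(zip(keys, values)):
        # Only non-final values carry a trailing separator; the last value
        # (the password) is taken verbatim so a legitimate trailing '-' survives.
        if i < len(keys) - 1:
            value = re.sub(r"\s*-\s*$", "", value)
        cleaned[key] = value.strip()
    port = int(cleaned["Port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return SmtpExfilConfig(cleaned["Protocol"].lower(), cleaned["Host"], port,
                           cleaned["Username"], cleaned["Password"])


def indicators(cfg: SmtpExfilConfig) -> dict:
    """Blockable / notifiable artefacts. The password is deliberately left out:
    it belongs in the incident ticket for the mailbox owner, not in a feed."""
    return {"exfil.host": cfg.host, "exfil.port": cfg.port,
            "exfil.protocol": cfg.protocol, "compromised.mailbox": cfg.username}


# Constructed telemetry (assumed formats, not from the report):
#   DNS:  "<ts> <client> query <name> answer <ip>"
#   CONN: "<ts> <src> -> <dst_ip>:<dst_port> tcp"
SAMPLE_DNS = [
    "2024-06-22T13:01:02Z 10.0.0.5 query mail.sydneylaptops.com.au answer 203.0.113.10",
    "2024-06-22T13:01:03Z 10.0.0.6 query www.example.com answer 198.51.100.4",
]
SAMPLE_CONN = [
    "2024-06-22T13:01:04Z 10.0.0.5 -> 203.0.113.10:587 tcp",
    "2024-06-22T13:01:05Z 10.0.0.7 -> 198.51.100.4:443 tcp",
    "2024-06-22T13:01:06Z 10.0.0.7 -> 192.0.2.9:587 tcp",
    "2024-06-22T13:02:00Z 10.0.0.8 -> 203.0.113.10:587 tcp",
]
DNS_RE = re.compile(r"^(\S+) (\S+) query (\S+) answer (\S+)$")
CONN_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) tcp$")


def hunt(cfg: SmtpExfilConfig, dns_lines, conn_lines) -> set:
    """Internal hosts that connected to the exfil server on the configured port.
    Port 587 alone is legitimate mail submission, so a connection only counts
    when its destination is an address the exfil hostname resolved to."""
    exfil_ips = set()
    for line in dns_lines:
        m = DNS_RE.match(line)
        if m and m.group(3).lower() == cfg.host.lower():
            exfil_ips.add(m.group(4))
    hits = set()
    for line in conn_lines:
        m = CONN_RE.match(line)
        if m and m.group(3) in exfil_ips and int(m.group(4)) == cfg.port:
            hits.add(m.group(2))
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(indicators(cfg))
    print("hosts talking to the exfil server:",
          sorted(hunt(cfg, SAMPLE_DNS, SAMPLE_CONN)))
```

The hunt keys on the resolved address of the exfil host rather than on port 587, because 587 is the standard mail submission port and matching on it alone would page the team for every legitimate mail client; a host in the result set has both resolved the attacker's mail server and opened a connection to it on the configured port. The credential pair is also worth acting on: the mailbox owner (whose address is masked in this report) should be told their account is being used as a drop, and the password rotated.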
Targets
Target: Purchase Order_pdf.exe
Size: 2.8MB
MD5: 06ddf95fce6d18a63fb14c35d2ee791a
SHA1: fe032bdf3108536a9d7ccc2cb939012884249dd0
SHA256: e74d8a9446cc29fe3cc0502ab4df804c265761e5529966f5702ff4690031225c
SHA512: d251cae79c934e864eaef2fb87c0eca2ee1af14e42edb3d46a8c012394377ce54b279c707fb0d0f9de7d8b632f67ebbd7fd8daae91b764ebe150b56a9f646e88
SSDEEP: 49152:d7oZ0ajbQzlq5O+l4QOnn8jeX+l8uvlhfNf5lWLPNyeL9+hw/USGy7Xk/51HwgGV:uX0zlC6me98Y5Q1a7
Score: 10/10
- Beds Protector Packer: detects the Beds Protector packer used to load .NET malware.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext