General
-
Target
PURCHASE ORDER#.7z
-
Size
478KB
-
Sample
240628-ra7dfswdlj
-
MD5
b0ab001fc49e61ce3c910d6543c12c67
-
SHA1
d1b03d10f74b5751834e900443f014631435cc13
-
SHA256
397380c85090e20674183bd7011fc2815c1c77ab81c8d47b7608b68b3662cb90
-
SHA512
0c19ef1859c96d86a11930af7b09282fa0ac435614d085942c1c78283d6dde49b0f48455e23d5b309e7e232172805fea1cbf3d11b38f22ff7b4c9513e309322f
-
SSDEEP
12288:lW2SZ7EEo9Ka10FyrOJSxAkWOfVS9GVIN02vbJ:loZoEoB10FyoWl8GVItt
Static task
static1
Behavioral task
behavioral1
Sample
PO1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
PO1.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.supaerero.shop - Port:
587 - Username:
[email protected] - Password:
Emma@chosen
Targets
-
-
Target
PO1.exe
-
Size
2.4MB
-
MD5
66c621421dca0a83dd1fa02671f75fda
-
SHA1
b5e0c952e9aba5e53110d6b2fbce2da26dcb6f97
-
SHA256
bc38233e18628256407420a857d1a1999974331cac7c5beb4368550d1d15f91d
-
SHA512
244e38a114960574484f1b8e0c2b96d01cbea67b2d67c730fa4563992c7616692f86e89f27886dac5a5ffc1806f429185e0dc232331b67df94ca9d668cbcd7b2
-
SSDEEP
12288:semYZS+7EaoDKSKMFyeXJ4AVkchfmS9eVINxsvbp9:Pa+oao/KMFy6iKdeVI2X
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-