General
Target: MT 103-7424097.doc
Size: 432KB
Sample: 240704-zwwg3syenl
MD5: cb178a525f7be5360a5d34375bc3693b
SHA1: 394885168750cb8970704de53e82118762e39a3a
SHA256: d62e84ff9dbeaeb0b3b2f6738011930ae636248cdec654d6e948f182f1d831f8
SHA512: 20b6493096d43a82ccbcef3f34dd1bdcad3be85494857af18c3c4ea0de1e4de5b93ff2b47291a0fde2aa4871fdb9708774e0bff1ff1218f52e36934641e81817
SSDEEP: 6144:tGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGugLwE37uaGA:ib
Static task: static1
Behavioral task: behavioral1
  Sample: MT 103-7424097.rtf
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: MT 103-7424097.rtf
  Resource: win10v2004-20240508-en
Malware Config
Extracted: snakekeylogger
  Protocol: smtp
  Host: mail.ebizindia.com
  Port: 587
  Username: [email protected]
  Password: Duro Mausam
Targets
- Snake Keylogger payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext