General
Target: SKM_004202005000.exe
Size: 538KB
Sample: 201109-t8qzhbdzm6
MD5: 7b29ed387e5ee010639af0fad63d582b
SHA1: b68dfa3f4220665d4c0bb90480305d79948e838e
SHA256: 51d5ab8487876cbc9c82c7450affdab67de13f1ff8b126f82fefa4281698ad59
SHA512: d905c44ac09aaece6b72acf53897c273ecd36512f5ac5d054b4217bdd290aa4c4dee6262c4c85f9a1cd67abd7f0c102a4fdfec4deab0c99d813192cbca166b70
Static task: static1

Behavioral task: behavioral1
Sample: SKM_004202005000.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: SKM_004202005000.exe
Resource: win10v20201028
Malware Config
Targets
Score: 10/10

404 Keylogger Main Executable

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext