General
Target: 1de9c4ca2b751b97c28e73c84217507d.exe
Size: 447KB
Sample: 210114-ex63zwfw6n
MD5: 1de9c4ca2b751b97c28e73c84217507d
SHA1: f3fbdf10dee07eca9ccb4a4a19362aa7ec032c9f
SHA256: c2e6371e1b08cffdc14f08b5dfcef6b9f4202fbaedf69dd4c6ba011c57bb8c93
SHA512: 0c63668a8ce002fbe73353e17eda2c16af7949557cabfd722a92e17a8b8b4eb5cbb9d711ed42ba07f1b8e8226494cc94999dca7dc1b7856630cb33cf118846f0
Static task: static1
Behavioral task: behavioral1
Sample: 1de9c4ca2b751b97c28e73c84217507d.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 1de9c4ca2b751b97c28e73c84217507d.exe
Resource: win10v20201028
Malware Config
Extracted
Protocol: smtp
Host: pro40.emailserver.vn
Port: 587
Username: [email protected]
Password: Vexa@2013
Targets
Target: 1de9c4ca2b751b97c28e73c84217507d.exe
Score: 10/10
- Snake Keylogger Payload
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext