General
Target
c46ec309dba61ffbeb74bacf4f54c969.exe
Size
448KB
Sample
210114-vzvva94cnn
MD5
c46ec309dba61ffbeb74bacf4f54c969
SHA1
33c01acc5e47638a25ec6d16a478ca088183d8c4
SHA256
e96b94843af6cd39424813c798b678d7202015ea488ff88d7be4ceee0ddfe531
SHA512
d6184f35fad278ab0b6074b7a0b0404e820574187a5ad7cb964ac0c4678216d43e40e278c59d5a6124472df6c489e6da87faef362ad5d1b688d04c84e9bfb61f
Static task
static1
Behavioral task
behavioral1
Sample
c46ec309dba61ffbeb74bacf4f54c969.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
c46ec309dba61ffbeb74bacf4f54c969.exe
Resource
win10v20201028
Malware Config
Extracted
Protocol: smtp
Host: pro40.emailserver.vn
Port: 587
Username: [email protected]
Password: Vexa@2013
Targets
Target
c46ec309dba61ffbeb74bacf4f54c969.exe
Score
10/10
Snake Keylogger Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext