General
Target: 73550af1c4f17e028355c872271f8627.exe
Size: 681KB
Sample: 210129-jggbw3ebex
MD5: 73550af1c4f17e028355c872271f8627
SHA1: f29d5e4d73b369f2c3ef5ad534d275fdc1e713a7
SHA256: 329e8c0525a2c1c5fecced5d189ff5e7a063e8a1188415f42f3543f945fe0337
SHA512: 9c1ad44421632c65e1a54fdb42cf24ad7112c25b299cda4d086ab3e0ee2688cdd5d6aaef1a50f87bf1193796533ddf3093c5f229a15d804dab0df907e104cfd5
Static task: static1
Behavioral task: behavioral1
Sample: 73550af1c4f17e028355c872271f8627.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 73550af1c4f17e028355c872271f8627.exe
Resource: win10v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: WyhjVTBX5hjrgu7
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Targets
Target: 73550af1c4f17e028355c872271f8627.exe
Score: 10/10
- Snake Keylogger Payload
- Drops startup file
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext