General
Target: RFQ 100400806 SUPPLY.exe
Size: 692KB
Sample: 210408-sgvflantpj
MD5: 0b6a32ecebc1b748e6c581969cd22f23
SHA1: 127095cc13cb9f8424ce1cea70cd96177da9b6fc
SHA256: a2c53f24c2ab1da5772d43b5b5f2c70291e5d47fffc96fab67db326d8e34625a
SHA512: 64934e11a836325df4a4582f42719f31252e7f88d9f7f15abc5b645982ac3727e50e713eb373acd0b3fca0aea7dfaf7bb3733b499381878e43984172de157558
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ 100400806 SUPPLY.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: RFQ 100400806 SUPPLY.exe, Resource: win10v20201028)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.porathacorp.com
Port: 587
Username: devarajan@porathacorp.com
Password: susila@22
Targets
Target: RFQ 100400806 SUPPLY.exe
Score: 10/10
Snake Keylogger Payload
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext