General
- Target: Uekonhzz.exe
- Size: 242KB
- Sample: 210419-lx69cvgkhs
- MD5: d4d8ef44275700e1b44a4c82fa18a7e7
- SHA1: 8773c3226a0b274aaeb281ff9bcb1acbb37817b4
- SHA256: a77a3638d5c7d0c986f01af3db3f8e92b0acb6c8311c9c20bcca49658c09c975
- SHA512: d4b3ed932fcdd32519fdeb2db2e9affcaecbeb035e0d7b2fcc65355f5d87eed950b8ea69d094d2f578d3775cf7cd863187ac1ddaeadb3dc661ccdc0c45ecbe76
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Uekonhzz.exe
  - Resource: win7v20210408

Behavioral task
- behavioral2
  - Sample: Uekonhzz.exe
  - Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: nobetone.xyz
- Port: 587
- Username: [email protected]
- Password: @QP5Et$cNKpj
Targets
- Target: Uekonhzz.exe
- Score: 10/10
- Modifies WinLogon for persistence
- Snake Keylogger Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext