General
Target: sample.zip
Size: 207KB
Sample: 210420-2fqhkvk1ms
MD5: 0fd33e84997939c0dfc158b1bf20b75c
SHA1: b1a445b12c26ffc86573a4280cafc3e8d8adae14
SHA256: 4333d61e8f00fe8ba9f1a0db6b5b2534fc5ef903f3adf1b8da25b572f8c3cf44
SHA512: 7e64f9248935f24034582d0aee8077c67d6d613f4af34eedcb74d756f770cd0423af3babba2ddc7d5521a1e31644c179fd5533e88c7fb2c9d290f7e01ecb4d70
Static task: static1
Behavioral task: behavioral1
  Sample: DLT_051_641_974.scr
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: DLT_051_641_974.scr
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: janryone.xyz
Port: 587
Username: [email protected]
Password: *sQwqe$]n1[z
Targets
Target: DLT_051_641_974.scr
Size: 234KB
MD5: 3d59e8abe01b2cbbbc611d79bea8848f
SHA1: bd9d8040cbbe676b24a6db46ae1be56a6ebb8467
SHA256: eaf12384de70d8bfa07bf4bc6448086e35f70cf53071bdc0aca5472b5ddfbfad
SHA512: 02b770ea3d9b367af6f9077c9a65d59aa59f520a46075ee514b68e1a5d3ca5ebd33d5a3b147c3495afd4eff0eeb622bd9431224d4ec2dabd8ac9927b47068bfd
Score: 10/10
- Snake Keylogger Payload
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext