General
Target: SecuriteInfo.com.Trojan.GenericKD.36741716.4036.9128
Size: 235KB
Sample: 210420-jqrrx3nwke
MD5: f800c3f06fc079a0b96c979a887c4000
SHA1: ba0327ab0611bac6334c1b2fbda5a148dff52a6c
SHA256: 376fb5dbb339a77640a9ebc77162ab11c63186c48fa6f7c0a1717caacb9b70b6
SHA512: 335b71986422533f7d294aec3bd5c6ef48528f596f534a45ba31814ba913c4d8a4d3e6e9d26c390357668d2b2e6fde3f40c89a990b1de8e297c6cfa1bbe04523
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.GenericKD.36741716.4036.9128.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.GenericKD.36741716.4036.9128.exe
  Resource: win10v20210410
Malware Config
Extracted family: snakekeylogger
  Protocol: smtp
  Host: janryone.xyz
  Port: 587
  Username: [email protected]
  Password: *sQwqe$]n1[z
Targets
Target: SecuriteInfo.com.Trojan.GenericKD.36741716.4036.9128
Score: 10/10
Signatures:
  Modifies WinLogon for persistence
  Snake Keylogger Payload
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  Suspicious use of SetThreadContext