General
Target: SecuriteInfo.com.Variant.Bulz.440290.18036.1686
Size: 245KB
Sample: 210420-krgar9s4ts
MD5: a4326b69873c799207e4c9d30c2ed3ac
SHA1: ee9d604c54a4450a6bfa071a2f23aaae5114e680
SHA256: 0299ed3db28516997c3a162def5ee464a25485241b4eb8cf2a0d3f21fd498f72
SHA512: f26a406e6b7de5e93c70024fb6642140598eebba38ebc79a3f81219a68a29dbec06f67b716faffc67be0a0f6c3378ca9218f9edbd8e74374d2e0e8ef096d6330
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Variant.Bulz.440290.18036.1686.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Variant.Bulz.440290.18036.1686.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: nobettwo.xyz
Port: 587
Username: [email protected]
Password: O^1)7]oEv=*a
Targets
Target: SecuriteInfo.com.Variant.Bulz.440290.18036.1686
Size: 245KB
MD5: a4326b69873c799207e4c9d30c2ed3ac
SHA1: ee9d604c54a4450a6bfa071a2f23aaae5114e680
SHA256: 0299ed3db28516997c3a162def5ee464a25485241b4eb8cf2a0d3f21fd498f72
SHA512: f26a406e6b7de5e93c70024fb6642140598eebba38ebc79a3f81219a68a29dbec06f67b716faffc67be0a0f6c3378ca9218f9edbd8e74374d2e0e8ef096d6330
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Snake Keylogger Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext