General
-
Target
Consignment Doc.exe
-
Size
235KB
-
Sample
210421-wfjqe7qfwj
-
MD5
b65c7b2118c5e4d6ad903c82b15a4867
-
SHA1
ad419df99d7e2519db823822db3b131cf4a0997f
-
SHA256
b20aef6f59d2315f17622d3d7291bdd171539a7d8c56baa70c672c3ad234173d
-
SHA512
7f2be934356c889869dd7c7e8f7e3022891b498da3cf4685c84eb49171d5ab74da27f4e98fe4cb7ba432172893428ef9d805abf234878cb5d1af6cae25c60b16
Static task
static1
Behavioral task
behavioral1
Sample
Consignment Doc.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Consignment Doc.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: gmicaprelam.in
Port: 587
Username: shege@gmicaprelam.in
Password: shege2424@
Targets
-
Target
Consignment Doc.exe
-
Size
235KB
-
MD5
b65c7b2118c5e4d6ad903c82b15a4867
-
SHA1
ad419df99d7e2519db823822db3b131cf4a0997f
-
SHA256
b20aef6f59d2315f17622d3d7291bdd171539a7d8c56baa70c672c3ad234173d
-
SHA512
7f2be934356c889869dd7c7e8f7e3022891b498da3cf4685c84eb49171d5ab74da27f4e98fe4cb7ba432172893428ef9d805abf234878cb5d1af6cae25c60b16
Score 10/10
-
Snake Keylogger Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-