General
Target: QYT000000.xz
Size: 505KB
Sample: 210421-ygc66cezs2
MD5: b0db3ee823ff5baa6af18696b324ebd2
SHA1: 05e4b4ae109a155e5a1123e1338dc197cb1591d9
SHA256: 95c91ca7da1e9a2f7190c32c8ce50d3f01c33eb4f5e51b1f303018f22fafbfa7
SHA512: 126f4dd8a0134c47d8e5247673e9ef8dd75b2e5066340fa19154b42b794f5ef225b78b7614b3d87d3eb6007219cae0563293671312ecb2fb453612915a1ae48b
Static task: static1
Behavioral task: behavioral1
  Sample: QYT000000.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: QYT000000.exe
  Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: smtp.ionos.com
Port: 587
Username: miguel.chiliguano@sismode.com
Password: Miguel1.2
Targets
Target: QYT000000.exe
Size: 786KB
MD5: a9d1ef91a6839f5894a067c01bae3814
SHA1: 0c86bac1ae4a07aa0481da1ab431b70d2695f48b
SHA256: ddfb83a23c35cc2e231b9bcbfe0c0078613ef1ab1c9568223e4a34b6c9d4cbcb
SHA512: f7ec6c043cd38c337209ba389e1fdce4d38745ca8279e3b6499d848e69216f1d852ff738e8cb4a310acf59b5a3dc77cb3ad08841fb5e5130082ab753a587a1b9
Score: 10/10
Snake Keylogger Payload
Loads dropped DLL
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext