General
Target: IMG_10540078520047 .doc
Size: 1.4MB
Sample: 210422-c2tyanxdyx
MD5: 0f7cb8ef7f3a0ba740b69bc4d8498161
SHA1: 639486b1a12e88724ecd7427598430e0a14e4248
SHA256: 1d69982a9173f3c9a513fb6fce37efa9031a3f389ffb0b72a63c7cea2d67fa1f
SHA512: c32496ce09fae08455a4daeab609775366d093809433771b294f9c5eee71f92fb6dc13082666f55faf273318b64caac44a9c6a4c6386b4c27fd2f2330fbc8424
Static task: static1
Behavioral task: behavioral1
Sample: IMG_10540078520047 .doc.rtf
Resource: win7v20210410
Behavioral task: behavioral2
Sample: IMG_10540078520047 .doc.rtf
Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: nobetone.xyz
Port: 587
Username: sail@nobetone.xyz
Password: @QP5Et$cNKpj
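The extracted configuration is the most actionable part of this report: Snake Keylogger exfiltrates captured data over SMTP, so the host, port and account above are the indicators to hunt for in outbound traffic. The following is an added example, not part of the sandbox report: it parses the config dump in the exact layout shown above into indicators and runs them over a few constructed log lines. The host, port and username are the report's values; the log lines, their `ts k=v k=v` layout and the field names (`dst`, `dport`, `smtp_auth_user`) are assumptions made for the illustration.

```python
"""Added example (not part of the Triage report): turn the extracted
Snake Keylogger SMTP config into IOCs and hunt for them in log lines."""
import re

# Raw config text as the report presents it, line breaks included.
RAW_CONFIG = ("Protocol: smtp- Host:\nnobetone.xyz - Port:\n587 - Username:\n"
              "sail@nobetone.xyz - Password:\n@QP5Et$cNKpj")

# 'Key: value' pairs separated by ' - ', tolerant of newlines inside values.
_FIELD = re.compile(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)", re.S)


def parse_config(text: str) -> dict:
    """Parse a 'Key: value - Key: value' config dump into a dict.
    Keys are lower-cased and Port is converted to int."""
    cfg = {k.lower(): v for k, v in _FIELD.findall(text)}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def build_iocs(cfg: dict) -> dict:
    """Derive the network indicators worth hunting for from the config."""
    return {
        "c2_host": cfg["host"].lower(),
        "c2_port": cfg["port"],
        "exfil_account": cfg["username"].lower(),
    }


def parse_kv_line(line: str) -> dict:
    """Split an assumed 'ts k=v k=v ...' log line into a dict."""
    parts = line.split()
    rec = {"ts": parts[0]}
    for tok in parts[1:]:
        k, _, v = tok.partition("=")
        rec[k] = v
    return rec


def hunt(lines, iocs: dict):
    """Return (line number, reason) for every log line that hits an IOC.
    A match on the exfiltration account is the strongest signal, then the
    host+port pair, then the host alone (still worth a look, as the host is
    attacker-controlled regardless of port)."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_kv_line(line)
        dst = rec.get("dst", "").lower()
        port = int(rec.get("dport", 0))
        user = rec.get("smtp_auth_user", "").lower()
        if user == iocs["exfil_account"]:
            hits.append((n, "SMTP AUTH with keylogger exfil account"))
        elif dst == iocs["c2_host"] and port == iocs["c2_port"]:
            hits.append((n, "connection to exfil SMTP server on config port"))
        elif dst == iocs["c2_host"]:
            hits.append((n, "connection to exfil host on unexpected port"))
    return hits


# Constructed log lines for the demonstration; not taken from the report.
SAMPLE_LOGS = [
    "2021-04-22T02:31:07Z src=10.0.0.17 dst=nobetone.xyz dport=587 proto=tcp",
    "2021-04-22T02:31:09Z src=10.0.0.17 dst=nobetone.xyz dport=587 smtp_auth_user=sail@nobetone.xyz",
    "2021-04-22T02:32:11Z src=10.0.0.23 dst=mail.example.com dport=587 smtp_auth_user=alice@example.com",
    "2021-04-22T02:33:40Z src=10.0.0.17 dst=NOBETONE.xyz dport=443 proto=tcp",
    "2021-04-22T02:35:02Z src=10.0.0.23 dst=example.com dport=443 proto=tcp",
]

if __name__ == "__main__":
    iocs = build_iocs(parse_config(RAW_CONFIG))
    for n, why in hunt(SAMPLE_LOGS, iocs):
        print(f"line {n}: {why}")
```

Matching the authenticated account is the most reliable of the three rules: the host can be rotated between builds, but a login as the configured mailbox on a mail server the organisation does not use is unambiguous. Legitimate mail to the same provider on port 587 would only trip the weaker host+port rule, which is why the rules are ordered as they are.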
Targets
Target: IMG_10540078520047 .doc
Size: 1.4MB
Score: 10/10
- Snake Keylogger Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext