General
Target: vbc.exe
Size: 732KB
Sample: 210504-5asqnvzcwe
MD5: dc6c597848870c7c68143495ba2a1ec0
SHA1: 1f1950e2728ff9ce2767ddefcf97929dbb9454f7
SHA256: 089d065fe8e39f8b19a726cb15ac216e352a5576f446c5fc38486f1fbb7a1d9c
SHA512: cfddb959541c2f0cd9fd8fc82f8cfc2c55bb5439bd70f423e213228d4e332de0ee9a879dc03d5cd9c7f003d676dee3f49a4465d803802bb2e6c474ea4f1d6962
Static task: static1
Behavioral task: behavioral1 (Sample: vbc.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: vbc.exe, Resource: win10v20210408)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.almatls.com
Port: 587
Username: ewalogs@almatls.com
Password: 0c0qf7xTL1
Targets
Target: vbc.exe
Size: 732KB
Score: 10/10
- Snake Keylogger Payload
- Uses the VBS compiler for execution
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext