General
-
Target
DHL 4677348255142.exe
-
Size
606KB
-
Sample
210504-fzrtf5ejsn
-
MD5
4eb10dfd43a4d6415e554316cd1bc288
-
SHA1
0a488404456576535cb7acbbaa948fc5053f30f5
-
SHA256
6cf104c9a72fd0d57d3a9e6be82836cb66e74a89cac1890d36a37c8d7452cd8c
-
SHA512
9605a587666642348e3b0c56b3f98b190e3c74f5aa3b42255e30148d6168473ec8990d71e813c12ecf84e4e6b8f01b5bd84ef6372050eff88402704eb3c2c44c
Static task
static1
Behavioral task
behavioral1
Sample
DHL 4677348255142.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
DHL 4677348255142.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.almatls.com
Port: 587
Username: ewalogs@almatls.com
Password: 0c0qf7xTL1
Targets
Target
DHL 4677348255142.exe
Score
10/10
Snake Keylogger Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext