General
Target: Consignment Details.exe
Size: 3.0MB
Sample: 210511-cqbde69jqn
MD5: 13d99c2ac641f89128925263d6ddc4f4
SHA1: 3e68058db2a6da752fd3e711955bed24440d6471
SHA256: 55519e954b4b28f0d1497294eab96130c3932928fdf4a739c9a94a884379282f
SHA512: 8aef281d74bdb0da823c4c91855563e82bf6bbbaaeb88a528d06992b59feeae64f1f6fbf4dc49e2d5e6de8dcfd9cabc2654b6a3acc5f7c30628c4d8d9f8285c5
Static task: static1
Behavioral task: behavioral1
Sample: Consignment Details.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Consignment Details.exe
Resource: win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: gmicaprelam.in
Port: 587
Username: shege@gmicaprelam.in
Password: shege2424@
Targets
Target: Consignment Details.exe
Size: 3.0MB
Score: 10/10

Snake Keylogger Payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext