General
Target: ORDER PO-168-05102021.exe
Size: 961KB
Sample: 210511-kbxzs1nq62
MD5: 06b47a4bc32b50a53e51ed01036f60aa
SHA1: 7c999525e123af1373e3db8e297550e220ae0a50
SHA256: 3757c869c9c4e311a526cce16364a47e2a286006f863ff19f5fe3cc1ae289cee
SHA512: 004f0eaae350c78aaecc07c39b66708f1df7478d1752f1a4cde17969f22630e0f67686d6680afe1b949a9ecd092f4b8bd8caf05b886dcfd8fab468baab87e510
Static task: static1
Behavioral task: behavioral1
Sample: ORDER PO-168-05102021.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: ORDER PO-168-05102021.exe
Resource: win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.ionos.com
Port: 587
Username: office@airtechair.net
Password: Airtech2010@
Targets
Target: ORDER PO-168-05102021.exe
Score: 10/10
Snake Keylogger Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext