General
Target: Octamod 2021 -…P014 New Order.exe
Size: 850KB
Sample: 210511-ttmhc9cea6
MD5: 1f9ac934c5d6f220178d7ec12e19494a
SHA1: 6bf52e1ecc9748b549aedba099eb0f95eac896c8
SHA256: e81daa14348c2bb2351501bd23162b42b1d6a59b11ed38af56c23812efc8bca8
SHA512: 0bdb0228fdb1aca103f82e19d61697f744fd7a7f4c0e931ee6adb0f84a39486bfb6f0fa49ccf4c6d4ecf28b856a764f88e776cb80ea362a6f95aeb0979af368a
Static task: static1
Behavioral task: behavioral1
Sample: Octamod 2021 -…P014 New Order.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Octamod 2021 -…P014 New Order.exe
Resource: win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.almatls.com
Port: 587
Username: ewalogs@almatls.com
Password: 0c0qf7xTL1
Targets
Target: Octamod 2021 -…P014 New Order.exe
Score: 10/10
Snake Keylogger Payload
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext