General
Target
Ecol Sp RFQ.122113.gz
Size
606KB
Sample
210611-l8wvqsr12a
MD5
9ccb9d6bb146704c793ec0d36787d8d6
SHA1
bc16362c681288f93bf5c481fc3e7890e3737e19
SHA256
96b12d371375868fc87d73454805ea2db22f27d46424808c9c3a2cd8fba03296
SHA512
27b9117969eec77f3bdfdc01c9d1c9f09d3e5859dce7e8d096cc84643290de22b2c9a240d0462bda7b6d69fb04244d1dc8ee51e40b65c1554f503d4f2e8f369c
Static task
static1
Behavioral task
behavioral1
Sample
Ecol Sp RFQ.122113.exe
Resource
win10v20210408
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot1841252439:AAFeBNk12wAgfxXFXtqpw50JT4iCgTc-FsM/sendMessage?chat_id=-487183096
Targets
Target
Ecol Sp RFQ.122113.exe
Size
836KB
MD5
9a2225e1b9acd802016c1d880528de49
SHA1
0e9b0abd02fd0c321ddbd6b3140c7c3cf0fa1d9d
SHA256
38b556205aa56d97e3e6e2702bd4822b489403e3903132493893e5aced988b83
SHA512
424029d7bcd9276a7b1c920f80feda282a53f61f75bc665c5b388c5cc8b2a148489bbf1ef67dedd635c3999284145899d725188b54cff792edfbf173859395ae
Score
10/10
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext