General
Target: Request Quotation.exe
Size: 698KB
Sample: 210616-5r1d62ml5s
MD5: 78b77bb40dde1d7c2922ee8288365e81
SHA1: a2476c79e3f07b1d71c17b62c338cbd65977e519
SHA256: d5b6e38e9f49fc345baf7b20c2ba7dae8fb24b99f45f30499244e54a52e532b5
SHA512: 4a5e5f51c04c2ce059eab4cb4576965ed83643f8834e072e952e2c778969529c43835d2edd4bb8b6f2fd6d81c96508572590ff8be62f600d97dc487933b3bb5d
Static task: static1
Behavioral task: behavioral1 (Sample: Request Quotation.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: Request Quotation.exe, Resource: win10v20210408)
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.dadupipes.com
Port: 587
Username: tenders@dadupipes.com
Password: 1Y=Ye-bEjmB5
Targets
Target: Request Quotation.exe (size and hashes as listed under General above)
Score: 10/10
Signatures
- Snake Keylogger Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
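The external-IP lookup and the SMTP exfiltration described by the extracted config form a sequence that is visible in network telemetry: the same process first asks a public IP-lookup service for the victim's address and then opens a connection to the configured mail host on port 587. The following Python is an added example, not part of the sandbox report or of any vendor tooling, that runs that correlation over a few constructed connection events. Only the exfiltration host and port come from the report; the pipe-delimited event format, the list of IP-lookup services, the process paths, PIDs and timestamps are all constructed assumptions. The `known_host=None` variant goes beyond this one sample and flags any SMTP-port connection that follows an IP lookup, which is the check you would run when no config has been extracted.

```python
"""Added example, not part of the sandbox report: correlate an external-IP lookup
followed by an SMTP connection from the same process, using the exfiltration host
and port from the extracted Snake Keylogger config. The event format, the IP-lookup
service list and all sample events below are constructed assumptions."""

from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Exfiltration endpoint taken from the report's extracted config.
EXFIL_HOST = "mail.dadupipes.com"
EXFIL_PORT = 587

# Assumption: illustrative list of public "what is my IP" services; not from the report.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}

# Ports an SMTP submission or relay would use, for the generic variant of the check.
SMTP_PORTS = {25, 465, 587}


@dataclass(frozen=True)
class NetEvent:
    ts: int          # seconds since epoch
    pid: int
    image: str       # process image path
    dest_host: str
    dest_port: int


def parse_event(line: str) -> NetEvent:
    """Parse one constructed 'ts|pid|image|dest_host|dest_port' telemetry line."""
    ts, pid, image, host, port = line.strip().split("|")
    return NetEvent(int(ts), int(pid), image, host.lower(), int(port))


def find_exfil_chains(lines: List[str], window: int = 300,
                      known_host: Optional[str] = EXFIL_HOST) -> List[Tuple[int, str, str, str]]:
    """Return (pid, image, lookup_host, smtp_host) for each process that contacts an
    IP-lookup service and, within `window` seconds afterwards, opens an SMTP connection.

    With known_host set (default: the host from the extracted config) only that host on
    EXFIL_PORT counts; with known_host=None any connection to an SMTP port counts, which
    generalises the check to samples whose config has not been extracted."""
    by_pid = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        by_pid[ev.pid].append(ev)

    hits = []
    for pid, events in by_pid.items():
        events.sort(key=lambda e: e.ts)
        lookups = [e for e in events if e.dest_host in IP_LOOKUP_HOSTS]
        if known_host is not None:
            smtp = [e for e in events if e.dest_host == known_host and e.dest_port == EXFIL_PORT]
        else:
            smtp = [e for e in events if e.dest_port in SMTP_PORTS]
        # First lookup/SMTP pair where the SMTP connection follows the lookup inside the window.
        match = next(((lk, ex) for lk in lookups for ex in smtp
                      if 0 <= ex.ts - lk.ts <= window), None)
        if match:
            lk, ex = match
            hits.append((pid, lk.image, lk.dest_host, ex.dest_host))
    return hits


# Constructed sample telemetry: pid 4120 performs the full chain within seconds, pid 1988
# is a mail client talking SMTP with no lookup, and pid 2201 does a lookup but only reaches
# the mail host 570 seconds later, outside the default window.
SAMPLE_EVENTS = [
    "1623830000|4120|C:\\Users\\victim\\Downloads\\Request Quotation.exe|checkip.dyndns.org|80",
    "1623830012|4120|C:\\Users\\victim\\Downloads\\Request Quotation.exe|mail.dadupipes.com|587",
    "1623830020|1988|C:\\Program Files\\MailClient\\mailclient.exe|smtp.example.com|587",
    "1623830030|2201|C:\\Windows\\System32\\svchost.exe|api.ipify.org|443",
    "1623830600|2201|C:\\Windows\\System32\\svchost.exe|mail.dadupipes.com|587",
]

if __name__ == "__main__":
    for hit in find_exfil_chains(SAMPLE_EVENTS):
        print("exfil chain:", hit)
```

Run as a script it prints the single chain from pid 4120. The window is the tuning knob: widening it to 600 seconds also catches pid 2201, while the mail client on pid 1988 never matches because it performed no IP lookup. In production the image path and signer of the flagged process would be a further filter, since a lookup followed by SMTP is suspicious rather than conclusive on its own.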