General
Target: SOA_16.06.21.exe
Size: 859KB
Sample: 210616-897s5nr2gj
MD5: 60a8ab38ccc6c6d4b2d181bbf3e60cd3
SHA1: 02e6b17391b3ec901b33964e9bae087e39e0d126
SHA256: f3dfb1674daa417cb203423b8bcca979b47c97dc71aba3e0dffb995a11b63e33
SHA512: 42072fe6e713ca25d33586e058d8c6c2877756173cdb609e7884fa4a9ab878bf8673188da669201b73008cc5d1fc0fcf3125ef59617979e91b80b9accaf526be
Static task: static1
Behavioral task: behavioral1
  Sample: SOA_16.06.21.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: SOA_16.06.21.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: smtp.logicstica-group.com
Port: 587
Username: yassin.jawish@logicstica-group.com
Password: LvlC^A)4
Targets
Target: SOA_16.06.21.exe
Size: 859KB
MD5: 60a8ab38ccc6c6d4b2d181bbf3e60cd3
SHA1: 02e6b17391b3ec901b33964e9bae087e39e0d126
SHA256: f3dfb1674daa417cb203423b8bcca979b47c97dc71aba3e0dffb995a11b63e33
SHA512: 42072fe6e713ca25d33586e058d8c6c2877756173cdb609e7884fa4a9ab878bf8673188da669201b73008cc5d1fc0fcf3125ef59617979e91b80b9accaf526be
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext