General
Target: w9lpb7.zip
Size: 590KB
Sample: 210616-aa3vpdjgx2
MD5: a050785f4c35ba1f8dfe632e598d2e7e
SHA1: c90ac93b096c9859fa6ca4d20005cc5f98b8e915
SHA256: e376ca22d92fb2bab636451c9c0afc87a7a527c1a3b7d972d12c7b1ec7c4f4e8
SHA512: e48b2d5c440529284069e1516be2d7f35d68926bd35f782c5b8ba2f1ba74e44ce4928a7929e762e6818cab3b582dc0c6383ce0c3ae9be56622e1ced958815153
Static task: static1
Behavioral task: behavioral1
Sample: f7d0c1c7c1f49cc0d92ea2ef73a4532066f4fb00674b3fe7942e54b9c08d7c77.bin.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: f7d0c1c7c1f49cc0d92ea2ef73a4532066f4fb00674b3fe7942e54b9c08d7c77.bin.exe
Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.manavgatgida.com
Port: 587
Username: zehrasirin@manavgatgida.com
Password: 07Manav07Gat...
Targets
Target: f7d0c1c7c1f49cc0d92ea2ef73a4532066f4fb00674b3fe7942e54b9c08d7c77.bin
Size: 776KB
MD5: 2181a8578264b7ae0ea6723610c904c4
SHA1: 793e7ec3a2f6e4cd2b5157571a010b622f6c6954
SHA256: f7d0c1c7c1f49cc0d92ea2ef73a4532066f4fb00674b3fe7942e54b9c08d7c77
SHA512: a57bfdb187ed6d5dfb8f5d648d0a56c92ea8301c65c72951c880e2d32ded516d713ecd6f3c84623c6e0a1d5aa45e07a20425aedc2c55b2f9a9ecda17a40de7cc
Score: 10/10
- Snake Keylogger Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext