General
Target: Zalando_mail_14.exe
Size: 779KB
Sample: 210616-fwbpblet4x
MD5: c6a06d0f5f22625f504bf0eb93da4d92
SHA1: bbb3626a74c145ec86102ba0a0fee4f34e2bdeec
SHA256: 12525ec37ff174175f0b10bcefef933647a786fb78be4582162e9556354243c4
SHA512: 93196d13a8cc9f54b8c3820c5c7045ac799ca8d51015c56f2e7d6a0e82c73c939a7ae563718a005d868824cef10b1cc184b7e54c0eb5cb91175c34f349d0a156
Static task: static1
Behavioral task: behavioral1
Sample: Zalando_mail_14.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Zalando_mail_14.exe
Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: nicolas.sautter@chsauter-bc.com
Password: 111aaa
Targets
Target: Zalando_mail_14.exe
Size: 779KB
Score: 10/10
Signatures:
Snake Keylogger Payload
Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
Suspicious use of SetThreadContext