General

Target: Notification OfShipment.exe
Size: 621KB
Sample: 210617-xvxmmx81p2
MD5: f7cda8b6c69b566725925ff1b5013c40
SHA1: 0f037832cc7acc702f850f45fa3a017fd6f071b8
SHA256: e84cf7262beb70085cd598f65d82e8063ec2f3e1c13bb24d89d5a8e8c44c027b
SHA512: 0d158838d531a419d2b0d2eaa95569549e9d7d83f2e525177b154d0f67b846f4f627ea54a128e4f3b63e61eb026e423b6f3d2055728619e6d229f42d5e04a338
Static task: static1

Behavioral task: behavioral1
Sample: Notification OfShipment.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: Notification OfShipment.exe
Resource: win10v20210410
Malware Config

Extracted family: snakekeylogger
Protocol: smtp
Host: smtp.faret-cn.com
Port: 587
Username: darwin@faret-cn.com
Password: mzn}$Q5hv4A_
Targets

Target: Notification OfShipment.exe
Score: 10/10

Signatures:

Snake Keylogger Payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext