General
-
Target
RFQ-YEKHA-20-0151.exe
-
Size
702KB
-
Sample
210618-5pnqh3wyd6
-
MD5
20ceb0cdf1f078b28671054c2863052c
-
SHA1
fc335d40a3fe8aceb4fbfd89c279b9b56a142556
-
SHA256
4223fc55e6b0fc32d0f55607395055db9023a5d6980dccad59f11aadf0179b86
-
SHA512
1639777ffadd90248a0735429fb3068a0dc5ad106520416104afaebfb2744950c96ee8918267041c6055a882b022ea15472f545e7333329124d2699e5847ec1a
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-YEKHA-20-0151.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
RFQ-YEKHA-20-0151.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: newoffice@myexodus1.com
Password: gefqPU#Az8
Targets
-
Target
RFQ-YEKHA-20-0151.exe
-
Score
10/10
-
Suspicious use of SetThreadContext
-