General
Target: df6e05150232b27c424b0e7813487491.exe
Size: 357KB
Sample: 210618-6nw4gxbc3a
MD5: df6e05150232b27c424b0e7813487491
SHA1: 345a18019391a7d530628a55c2f1bd8379ef0ad5
SHA256: 52309c4bfd0f4a78a05edff800c412760c488ef60f6709f6f9038dc1f315f17a
SHA512: d60d3fb015a997f52e6a069e427e0544e875ac84c1b48e7468b4e4b4a70df09a4bc7adbd5f8cefa57072df59d964480d99cc5b496750e3c12f4ab92f0c750db9
Static task: static1
Behavioral task: behavioral1
  Sample: df6e05150232b27c424b0e7813487491.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: df6e05150232b27c424b0e7813487491.exe
  Resource: win10v20210408
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: lagardan@yandex.com
Password: pP!@*&@)555
Targets
Target: df6e05150232b27c424b0e7813487491.exe (size and hashes as listed under General)
Score: 10/10
Signatures:
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext