General
  Target: 11.exe
  Size: 964KB
  Sample: 210618-8e3nbxe4he
  MD5: 3ec439454ec38b841d94dcc9b352fb50
  SHA1: 3e2ab9a013bb13dc82734adce6b348d24f829d63
  SHA256: 8ad55c732af8237dcab3619b08bd71da2e393170f5a8ee667d6337928c383cd9
  SHA512: e396e82ca5689f4f15b6908a406542caf7f29f47bf82da4ce2444100424fd3008dcd1920eeadebb138fd046d37ac078f6c080238ce8d93e78dc457c626f848cb
Tasks
  Static task: static1
  Behavioral task: behavioral1 (Sample: 11.exe, Resource: win7v20210408, Windows 7 image)
  Behavioral task: behavioral2 (Sample: 11.exe, Resource: win10v20210410, Windows 10 image)
Malware Config
  Extracted: snakekeylogger
    Protocol: smtp
    Host: smtp.tokyocornpo.com
    Port: 587
    Username: finance@tokyocornpo.com
    Password: omQhbG$5
  The same configuration was extracted twice, once unlabelled and once attributed to the snakekeylogger family; it is shown once here.
  These are the operator's exfiltration mailbox credentials: Snake Keylogger sends harvested credentials and keystrokes to this account over SMTP submission (port 587), so the host and account are indicators to block and to report to the mail provider, not credentials to authenticate with.
Targets
  Target: 11.exe (964KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
  Score: 10/10
  Signatures:
  - Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP (the report does not name the service).
  - Suspicious use of SetThreadContext: setting another thread's register context is the execution-redirection step of process hollowing and thread hijacking (suspend, write payload, SetThreadContext, ResumeThread); on its own it is only suspicious, and the report does not show which process or thread was targeted.
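The indicators in this report are only useful once they are matched against telemetry. The following is an added example (not part of the sandbox report and not the tool's own code) that turns the extracted SMTP configuration and the file hashes above into detection logic run over a constructed, hypothetical EDR/NDR event export, and emits a Suricata DNS rule for the exfiltration host. The event schema (`type`, `host`, `query`, `dst`, `dport`, `user`, `sha256`, `path`) and the sample events are assumptions made for the example; the mailbox password is deliberately left out, since it is attacker-controlled and has no place in a detection.

```python
"""Turn the sandbox IOCs into detections over constructed endpoint/network events."""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the sandbox report (SnakeKeylogger SMTP exfiltration config).
IOC_SMTP_HOST = "smtp.tokyocornpo.com"
IOC_SMTP_PORT = 587
IOC_SMTP_USER = "finance@tokyocornpo.com"
IOC_HASHES = {
    "md5": "3ec439454ec38b841d94dcc9b352fb50",
    "sha1": "3e2ab9a013bb13dc82734adce6b348d24f829d63",
    "sha256": "8ad55c732af8237dcab3619b08bd71da2e393170f5a8ee667d6337928c383cd9",
}

# Constructed sample events in a hypothetical EDR/NDR export schema; not data from the report.
SAMPLE_EVENTS = [
    {"type": "dns", "host": "WS01", "query": "SMTP.TOKYOCORNPO.COM"},
    {"type": "net", "host": "WS01", "dst": "smtp.tokyocornpo.com", "dport": 587},
    {"type": "net", "host": "WS02", "dst": "mail.example.org", "dport": 587},
    {"type": "smtp_auth", "host": "WS01", "user": "finance@tokyocornpo.com"},
    {"type": "file", "host": "WS03", "sha256": IOC_HASHES["sha256"],
     "path": r"C:\Users\a\Downloads\11.exe"},
    {"type": "file", "host": "WS04", "sha256": "00" * 32, "path": r"C:\Windows\notepad.exe"},
]


def match_event(ev: Dict) -> List[str]:
    """Return the IOC labels an event matches (empty list = no match).

    Hostname comparisons are case-insensitive and ignore a trailing dot.
    Port 587 alone is NOT an indicator (it is the ordinary mail-submission
    port used by legitimate clients), so it is only reported alongside the host.
    """
    hits: List[str] = []
    kind = ev.get("type")
    if kind == "dns" and ev.get("query", "").lower().rstrip(".") == IOC_SMTP_HOST:
        hits.append("dns:smtp-exfil-host")
    elif kind == "net" and ev.get("dst", "").lower().rstrip(".") == IOC_SMTP_HOST:
        suffix = ":587" if ev.get("dport") == IOC_SMTP_PORT else ""
        hits.append("net:smtp-exfil-host" + suffix)
    elif kind == "smtp_auth" and ev.get("user", "").lower() == IOC_SMTP_USER:
        hits.append("smtp:exfil-account")
    elif kind == "file":
        for algo, digest in IOC_HASHES.items():
            if ev.get(algo, "").lower() == digest:
                hits.append(f"file:{algo}")
    return hits


def detect(events: Iterable[Dict]) -> List[Tuple[str, str]]:
    """Scan events and return (host, ioc_label) pairs for every hit."""
    return [(ev["host"], label) for ev in events for label in match_event(ev)]


def hashes_match(sample: bytes) -> Dict[str, bool]:
    """Hash a candidate file's bytes with all three algorithms and compare to the report."""
    return {
        "md5": hashlib.md5(sample).hexdigest() == IOC_HASHES["md5"],
        "sha1": hashlib.sha1(sample).hexdigest() == IOC_HASHES["sha1"],
        "sha256": hashlib.sha256(sample).hexdigest() == IOC_HASHES["sha256"],
    }


def suricata_dns_rule(sid: int = 1000001) -> str:
    """Emit a Suricata 5+ rule on the DNS lookup of the exfil host.

    Port 587 sessions normally switch to STARTTLS, so the destination name is
    reliably visible only in DNS (or in the TLS SNI), not in the mail traffic itself.
    """
    return (
        'alert dns any any -> any any (msg:"SnakeKeylogger SMTP exfil host lookup"; '
        f'dns.query; content:"{IOC_SMTP_HOST}"; nocase; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    for host, label in detect(SAMPLE_EVENTS):
        print(f"{host}: {label}")
    print(suricata_dns_rule())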