General
Target: Minutes Of Meeting.exe
Size: 1020KB
Sample: 210618-extatkcds6
MD5: 044de8acb8b415cf3ba5ce8d33471bf5
SHA1: e392f710bb523b493475b889df57e3cb1d18cb32
SHA256: db8ae92feb34e825ebfae00f75e27bbb5cb914533f45cc11799fc4d96f93e69a
SHA512: 74d76e822d6444f092ded8ddd17aba7be4392a997c474a8ca2454f63734944ab8630e5024a9a1cdb6fd215113d17ceb05c132783fae9f5f8a9d3a884dc018d52
Static task: static1
Behavioral task: behavioral1
  Sample: Minutes Of Meeting.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Minutes Of Meeting.exe
  Resource: win10v20210408
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.iykmoreentrprise.org
Port: 587
Username: zalatexinteriors@iykmoreentrprise.org
Password: Z&6s7s.YLZZi
Targets
Target: Minutes Of Meeting.exe
Score: 10/10
- Snake Keylogger Payload
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext