General
- Target: quote#2793 almaco.exe
- Size: 537KB
- Sample: 210620-44cmtxy62s
- MD5: e01f4ef489111632bad36cf50a31de59
- SHA1: 958d0b6d6b171e85c1ca96728aeb5c186feff22c
- SHA256: b8902f524b2bbefb37fe0215cc36f8e022e29059cdb0a68a592326fb522066a1
- SHA512: 599e865a4f5f4121acb82d91ce53069efb18d52e9d676c12ae92c1cd63dbb6f3aa747ea3d859ae1fee7b198a7a49cfd71dc2a48556e183d8d59317c3026defe5
Static task
- static1

Behavioral task
- behavioral1
- Sample: quote#2793 almaco.exe
- Resource: win7v20210410

Behavioral task
- behavioral2
- Sample: quote#2793 almaco.exe
- Resource: win10v20210408
Malware Config
Extracted
snakekeylogger
- Protocol: smtp
- Host: mail.tokasecurity.co.za
- Port: 587
- Username: toka.b@tokasecurity.co.za
- Password: Bafo1970@1
Targets
- Target: quote#2793 almaco.exe
- Score: 10/10

Signatures
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext