General

Target: SKGCM_Arabbank_Transfer_document2021doc.exe
Size: 510KB
Sample: 210620-47p97faap2
MD5: d2562ba3cc578a7851ffcf98585aaa9b
SHA1: 27100dd29d91f8d0e0aafcc9b93d184378478728
SHA256: 2335bfea54b33abe93e21697e7d2ed09527fbcf9245d8ea2ca2d062c1a89a0a6
SHA512: 39e1cac308bed346cb989396cacab5199462c35a72dacfbd25e2773f05d32b374aff8142ab425957992ba8b10942f691119e54743f034514a8912e0b36d4ce2b
Static task: static1

Behavioral task: behavioral1
Sample: SKGCM_Arabbank_Transfer_document2021doc.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: SKGCM_Arabbank_Transfer_document2021doc.exe
Resource: win10v20210408
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: smtp.stomania.net
Port: 587
Username: info@stomania.net
Password: WPT!UgU7
Targets

Target: SKGCM_Arabbank_Transfer_document2021doc.exe
Size: 510KB
Hashes: as listed under General above
Score: 10/10

Signatures:
- Snake Keylogger Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way injected or hollowed code in a suspended process is given a new entry point, so this is treated as a code-injection indicator rather than a benign API call.
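The extracted SMTP configuration above is the keylogger's exfiltration channel: stolen credentials are mailed through smtp.stomania.net:587 using the attacker-controlled mailbox info@stomania.net. The following is an added example, not part of the sandbox report, showing how a responder would turn that config into indicators and hunt for them in Zeek-style JSON logs. The log records are constructed for illustration, the IP addresses in them are hypothetical, and the Suricata sid is a placeholder. The password is deliberately not used: it belongs to the attacker's mailbox and is useful only for reporting the account to the provider, never for detection.

```python
"""Hunt for the Snake Keylogger SMTP exfiltration channel from the report in
Zeek-style JSON logs. Added example; not part of the sandbox report. All log
records below are constructed, and the IP addresses in them are hypothetical."""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class SmtpExfilConfig:
    host: str      # SMTP server the keylogger sends stolen data to
    port: int
    username: str  # attacker-controlled mailbox used as sender and recipient


# Copied from the report's "Malware Config" section (password deliberately
# omitted: it is only useful to the attacker and has no place in a detection).
SNAKE_CONFIG = SmtpExfilConfig(host="smtp.stomania.net", port=587,
                               username="info@stomania.net")

# Constructed Zeek-style records (dns.log, conn.log, smtp.log) in time order.
# 10.0.0.15 is the infected host; 10.0.0.22 is a benign client submitting
# mail to a legitimate provider on the same port.
SAMPLE_LOGS = [
    '{"_path":"dns","ts":1624176000.1,"id.orig_h":"10.0.0.15",'
    '"query":"smtp.stomania.net","answers":["203.0.113.25"]}',
    '{"_path":"conn","ts":1624176000.4,"id.orig_h":"10.0.0.15",'
    '"id.resp_h":"203.0.113.25","id.resp_p":587,"proto":"tcp"}',
    '{"_path":"smtp","ts":1624176001.0,"id.orig_h":"10.0.0.15",'
    '"id.resp_h":"203.0.113.25","mailfrom":"info@stomania.net",'
    '"rcptto":["info@stomania.net"]}',
    '{"_path":"dns","ts":1624176010.0,"id.orig_h":"10.0.0.22",'
    '"query":"smtp.office365.com","answers":["198.51.100.7"]}',
    '{"_path":"conn","ts":1624176010.3,"id.orig_h":"10.0.0.22",'
    '"id.resp_h":"198.51.100.7","id.resp_p":587,"proto":"tcp"}',
]


def find_exfil_events(cfg, lines):
    """Return (ts, orig_h, reason) for every record tied to the exfil channel.

    conn.log carries no hostname, so DNS answers for cfg.host are collected
    first and later tcp/cfg.port connections to those IPs are flagged. Lines
    must be in time order for that pivot to work. A connection to port 587
    alone is never flagged: mail submission is normal traffic.
    """
    c2_ips = set()
    hits = []
    for raw in lines:
        rec = json.loads(raw)
        path = rec.get("_path")
        if path == "dns" and rec.get("query", "").lower() == cfg.host:
            c2_ips.update(rec.get("answers", []))
            hits.append((rec["ts"], rec["id.orig_h"],
                         f"dns lookup of {cfg.host}"))
        elif (path == "conn" and rec.get("id.resp_p") == cfg.port
              and rec.get("id.resp_h") in c2_ips):
            hits.append((rec["ts"], rec["id.orig_h"],
                         f"tcp/{cfg.port} to {rec['id.resp_h']} ({cfg.host})"))
        elif path == "smtp" and (rec.get("mailfrom") == cfg.username
                                 or cfg.username in rec.get("rcptto", [])):
            hits.append((rec["ts"], rec["id.orig_h"],
                         f"smtp session using exfil mailbox {cfg.username}"))
    return hits


def suricata_dns_rule(cfg, sid=1000001):
    """Build a Suricata rule alerting on any DNS query for the exfil host.
    The sid is a placeholder; pick one from your local range."""
    return (f'alert dns $HOME_NET any -> any any (msg:"Snake Keylogger SMTP '
            f'exfil host lookup {cfg.host}"; dns.query; content:"{cfg.host}"; '
            f'nocase; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for ts, host, reason in find_exfil_events(SNAKE_CONFIG, SAMPLE_LOGS):
        print(f"{ts:.1f} {host} {reason}")
    print(suricata_dns_rule(SNAKE_CONFIG))
```

Run against the constructed logs this reports three events, all from 10.0.0.15 (the DNS lookup, the tcp/587 connection to the resolved address, and the SMTP session authenticated as the attacker's mailbox), and nothing for 10.0.0.22, whose port-587 session goes to an unrelated mail provider.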