General
Target: quotation #60152 almaco.exe
Size: 836KB
Sample: 210621-wlsd51qfc6
MD5: 3207003cc8d695d5b12699816f32044c
SHA1: 3e269c355c8365f2cfd64ab986126ebfcfc9b08f
SHA256: d935261d62e1721db7f65671dc26c56c532b98d8b3335fce23455b2404a39ed2
SHA512: 66a1ac063fb5565351d3dde5331938fdfeb19dca76d968d9ba8f326bcf985ccb0c06b26611792fe3eb643fcb3533369887c10ede46b9038ae5598ca814fa14e2
Static task: static1
Behavioral task: behavioral1
  Sample: quotation #60152 almaco.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: quotation #60152 almaco.exe
  Resource: win10v20210410
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: mail.tokasecurity.co.za
Port: 587
Username: toka.b@tokasecurity.co.za
Password: Bafo1970@1
Targets
Target: quotation #60152 almaco.exe
Size: 836KB
Score: 10/10
Signatures:
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext