General
Target: PO031656.exe
Size: 896KB
Sample: 210622-f2hc57aq7s
MD5: 8b351752b1721536fb923560f4a12f69
SHA1: fe9e5cf16d15177781dfdee64f937fbb80d0b32e
SHA256: bef8873a0b223b7f3d49854b3de46890b6f3363eadedf395a768b05b87c93d5f
SHA512: 7a10954d2723021ac617c6f5b62c3f0b6aedf8be1cae4c5c5e30d413523e80be3ef4a68593d31c8b36fca4313c72a948dfaa80bcd1dbb74f2861681d7275dfdc
Static task: static1
Behavioral task: behavioral1, sample PO031656.exe, resource win7v20210410
Behavioral task: behavioral2, sample PO031656.exe, resource win10v20210410
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: nicolas.sautter@chsauter-bc.com
Password: 111aaa
These are the exfiltration settings embedded in the sample: harvested keystrokes and credentials are sent as e-mail through the attacker-controlled mailbox over SMTP submission (port 587). The host, port and credentials are the actionable indicators for mail-gateway, DNS and proxy hunting.
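The extracted SMTP configuration is the most useful hunting artifact in this report: during SMTP AUTH LOGIN the client sends the username and the password as separate base64-encoded lines (AUTH PLAIN sends both in one blob), and the exfiltration host and port are fixed in the binary. The following Python script is an added example, not part of the sandbox report or of Snake Keylogger itself. It derives those hunt tokens from the config above, builds a Suricata-style content rule from them, and scans constructed SMTP proxy log lines for them. The log line format, the benign session and the rule SID are assumptions made for the example.

```python
import base64
import re

# Configuration exactly as extracted by the sandbox report above.
EXTRACTED_CONFIG = {
    "Protocol": "smtp",
    "Host": "mail.privateemail.com",
    "Port": 587,
    "Username": "nicolas.sautter@chsauter-bc.com",
    "Password": "111aaa",
}


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


def auth_login_tokens(username: str, password: str) -> dict:
    """Return the base64 strings an SMTP client emits when authenticating.

    AUTH LOGIN sends user and password as two separate base64 lines;
    AUTH PLAIN (RFC 4616, empty authzid) sends "\\0user\\0pass" as one blob.
    Both forms are produced so either exchange can be matched in logs/pcaps.
    """
    return {
        "login_user": _b64(username),
        "login_pass": _b64(password),
        "plain": _b64(f"\0{username}\0{password}"),
    }


def suricata_rule(cfg: dict, sid: int = 9000001) -> str:
    """Build a Suricata/Snort rule on the AUTH LOGIN username line.

    The SID is an arbitrary local-range placeholder chosen for this example.
    """
    tok = auth_login_tokens(cfg["Username"], cfg["Password"])["login_user"]
    return (
        f'alert tcp $HOME_NET any -> any {cfg["Port"]} '
        f'(msg:"Snake Keylogger SMTP exfil AUTH LOGIN to {cfg["Host"]}"; '
        f'flow:to_server,established; content:"{tok}"; '
        f"sid:{sid}; rev:1;)"
    )


def scan_smtp_log(lines, cfg: dict):
    """Flag log lines that reach the exfil host:port or carry the credentials.

    Lines are expected as "timestamp src=IP dst=HOST:PORT payload", a format
    constructed for this example rather than any particular product's.
    Returns a list of (line_number, [reasons]).
    """
    tokens = auth_login_tokens(cfg["Username"], cfg["Password"])
    target = f"{cfg['Host']}:{cfg['Port']}"
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = []
        m = re.search(r"dst=(\S+)", line)
        if m and m.group(1) == target:
            reasons.append("exfil host")
        for name, tok in tokens.items():
            if tok in line:
                reasons.append(f"auth token {name}")
        if cfg["Username"] in line:
            reasons.append("username cleartext")
        if reasons:
            hits.append((n, reasons))
    return hits


def sample_log(cfg: dict):
    """Constructed proxy log: one benign O365 session, one exfil session."""
    t = auth_login_tokens(cfg["Username"], cfg["Password"])
    benign_user = _b64("john.doe@corp.example")  # constructed benign account
    return [
        "2021-06-22T10:00:01 src=10.0.0.5 dst=smtp.office365.com:587 C: EHLO corp-pc",
        "2021-06-22T10:00:01 src=10.0.0.5 dst=smtp.office365.com:587 C: AUTH LOGIN",
        f"2021-06-22T10:00:02 src=10.0.0.5 dst=smtp.office365.com:587 C: {benign_user}",
        "2021-06-22T10:03:11 src=10.0.0.12 dst=mail.privateemail.com:587 C: EHLO DESKTOP-4J2K",
        "2021-06-22T10:03:11 src=10.0.0.12 dst=mail.privateemail.com:587 C: AUTH LOGIN",
        f"2021-06-22T10:03:12 src=10.0.0.12 dst=mail.privateemail.com:587 C: {t['login_user']}",
        f"2021-06-22T10:03:12 src=10.0.0.12 dst=mail.privateemail.com:587 C: {t['login_pass']}",
    ]


if __name__ == "__main__":
    print(suricata_rule(EXTRACTED_CONFIG))
    for n, why in scan_smtp_log(sample_log(EXTRACTED_CONFIG), EXTRACTED_CONFIG):
        print(n, ", ".join(why))
```

Caveat: port 587 is the submission port and a client that issues STARTTLS encrypts the AUTH exchange, so the content rule only fires if the keylogger authenticates in cleartext or the traffic is inspected after TLS termination. The DNS lookup and the TCP connection to mail.privateemail.com:587 remain visible regardless and are the more reliable network indicators.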
Targets
Target: PO031656.exe (896KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: rewriting the context of a thread in another process (typically one created suspended) is the step process-hollowing and injection loaders use to redirect execution into code they have written there.
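The behavioral signatures above are the kind of rule a sandbox evaluates over its API trace. The following Python is an added example, not the sandbox's own detection code, that implements three of them over a constructed trace in a simplified "pid api(args) -> pid=N" format: the process-hollowing chain (CreateProcessW with CREATE_SUSPENDED, then WriteProcessMemory, SetThreadContext and ResumeThread from the same parent into the same child), the external-IP lookup (against an assumed watchlist of public IP-echo services, since the report does not name the service used), and an SMTP connection to the host from the extracted config. The trace lines, PIDs and the lookup host are constructed; the "Snake Keylogger Payload" signature is a static payload match rather than a behavioral one and is not modelled here.

```python
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4
SMTP_PORTS = {25, 465, 587}
# Assumed watchlist of public IP-echo services; the report does not say which
# one this sample contacted.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me"}

# Constructed API trace modelled on sandbox hook output; not the report's own.
TRACE = """\
1208 CreateProcessW(lpApplicationName="C:\\Users\\victim\\PO031656.exe", dwCreationFlags=0x4) -> pid=2716
1208 NtUnmapViewOfSection(hProcess=2716)
1208 VirtualAllocEx(hProcess=2716, lpAddress=0x400000, flProtect=PAGE_EXECUTE_READWRITE)
1208 WriteProcessMemory(hProcess=2716, lpBaseAddress=0x400000, nSize=0x2e000)
1208 SetThreadContext(hThread=2716:1)
1208 ResumeThread(hThread=2716:1)
2716 InternetOpenUrlA(lpszUrl="http://checkip.dyndns.org/")
2716 connect(host="mail.privateemail.com", port=587)
3344 CreateProcessW(lpApplicationName="C:\\Windows\\notepad.exe", dwCreationFlags=0x0) -> pid=3390
"""

LINE_RE = re.compile(r"^(\d+) (\w+)\((.*?)\)(?: -> pid=(\d+))?$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|\S+?)(?:,|$)')


def parse_trace(text):
    """Parse trace lines into (pid, api, {arg: value}) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, api, args, new_pid = m.groups()
        argd = {k: v.strip('"') for k, v in ARG_RE.findall(args)}
        if new_pid:
            argd["new_pid"] = new_pid
        events.append((int(pid), api, argd))
    return events


def detect_hollowing(events):
    """Match CREATE_SUSPENDED -> WriteProcessMemory -> SetThreadContext ->
    ResumeThread, all issued by the parent against the same child.
    Intermediate calls (NtUnmapViewOfSection, VirtualAllocEx) are allowed."""
    chain = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]
    suspended = {}            # child pid -> parent pid
    stage = defaultdict(int)  # child pid -> progress through chain
    hits = []
    for pid, api, a in events:
        flags = int(a.get("dwCreationFlags", "0"), 16)
        if api == "CreateProcessW" and flags & CREATE_SUSPENDED and "new_pid" in a:
            suspended[int(a["new_pid"])] = pid
            continue
        child = a.get("hProcess") or a.get("hThread", "").split(":")[0]
        if not child or suspended.get(int(child)) != pid:
            continue
        child = int(child)
        if api == chain[stage[child]]:
            stage[child] += 1
            if stage[child] == len(chain):
                hits.append({"signature": "Suspicious use of SetThreadContext",
                             "parent": pid, "child": child})
    return hits


def detect_ip_lookup(events):
    """Flag any URL or host argument that names an IP-echo service."""
    hits = []
    for pid, api, a in events:
        url = a.get("lpszUrl") or a.get("host") or ""
        host = re.sub(r"^https?://", "", url).split("/")[0].lower()
        if host in IP_LOOKUP_HOSTS:
            hits.append({"signature": "Looks up external IP address via web service",
                         "pid": pid, "host": host})
    return hits


def detect_smtp_exfil(events, exfil_host="mail.privateemail.com"):
    """Flag connects to SMTP ports; the extracted config host is named explicitly."""
    hits = []
    for pid, api, a in events:
        if api != "connect":
            continue
        port, host = int(a.get("port", "0")), a.get("host", "").lower()
        if port in SMTP_PORTS or host == exfil_host:
            hits.append({"signature": "SMTP connection (possible keylogger exfil)",
                         "pid": pid, "host": host, "port": port})
    return hits


def run(trace_text):
    events = parse_trace(trace_text)
    return detect_hollowing(events) + detect_ip_lookup(events) + detect_smtp_exfil(events)


if __name__ == "__main__":
    for hit in run(TRACE):
        print(hit)
```

The hollowing rule keys on the parent/child relationship rather than on SetThreadContext alone, because debuggers and some legitimate runtimes also call SetThreadContext; the combination of a suspended child, a memory write into it and a context change before ResumeThread is what makes the call suspicious.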