General
Target: quotation #60321.exe
Size: 585KB
Sample: 210622-wwyaw7s3hn
MD5: fed34025cb3d3cf2fe9f0e87160c1483
SHA1: b724297b281866d6871b35c232befc7902e6868f
SHA256: 86588eae3bae93b8c0cad5c11658411ec1f298dbb98875edcebe8e079fd9aa85
SHA512: 907e8fcb704e34f06577d322e198d36c0422d58cb76f790683be77b5ba173d288ff7e867d9a3fe38369230709a13dff20b119ba7e36b3311066df92be6d07cf2
Static task: static1
Behavioral task: behavioral1
Sample: quotation #60321.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: quotation #60321.exe
Resource: win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.tokasecurity.co.za
Port: 587
Username: toka.b@tokasecurity.co.za
Password: Bafo1970@1
Targets
Target: quotation #60321.exe
Score: 10/10

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext