General
Target: Invoice.exe
Size: 1.2MB
Sample: 210622-xnxzb7wy9x
MD5: 1bcce4d52753f12d8f23e6637f094f1e
SHA1: a1a91a13707b4c25fd30ee5281cb9e4515903e01
SHA256: 4eaefd6f0e650e017e1c63205fd41f9f557568b15bf75afe80cfdf923fe114e5
SHA512: 9ba3ae65e4cc6ed3a9755a06671cb2e51ce0f2e078b4fcf7b87b7e13e4f44027199ca1a0512ed27ff20d3b75b4abe65f6fd8756bb68a38110baf3f0de35f68ad
Static task: static1
Behavioral task: behavioral1
Sample: Invoice.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Invoice.exe
Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.iykmoreentrprise.org
Port: 587
Username: zalatexinteriors@iykmoreentrprise.org
Password: Z&6s7s.YLZZi
Targets
Target: Invoice.exe
Score: 10/10
Snake Keylogger Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext