General
Target: Specifications_Details_20337_FLQ.exe
Size: 503KB
Sample: 210722-144bdawcs6
MD5: 432dafd9a9d895a6be98225d93533bc9
SHA1: f8372831247316dad9651f0f7dc8c94adfcc26bd
SHA256: f21588a5a2118f8b06488d6ee22be10c90016e672c40e20ea92572fd955edde3
SHA512: b5f7b6610d0dd89a639815602d94c6ffd8f7a5afd807bfaef6c58589f0a44a126b90b7cb10b893899e6317abf262facc497ed66a015ca4c7f64caa44848120a3
Static task: static1
Behavioral task: behavioral1
Sample: Specifications_Details_20337_FLQ.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Specifications_Details_20337_FLQ.exe
Resource: win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: D#$M779Bx*!2^111
Targets
Target: Specifications_Details_20337_FLQ.exe
Score: 10/10
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext