General
Target: 7.exe
Size: 917KB
Sample: 210722-7xvnhb53sx
MD5: 3a5c4b65bb4f78ea617ea542d1d9d949
SHA1: 9d561008de64c07630e543025b2923998c89dfef
SHA256: 27dd279fa5720fd391fb0b32caad51f90244c7c16a11944c0e337a1ccb4badfd
SHA512: 299047236954b528d6378a68580dfd03ac6399bd0d1b04a564e1b78e270dccc748901d8170888c2bc3e3656c3e79e016fccd156b31224adbfaeec69a127a2a61
Static task: static1
Behavioral task: behavioral1
  Sample: 7.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 7.exe
  Resource: win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.mundi.hr
Port: 587
Username: report@mundi.hr
Password: P@1625330275
Targets
Target: 7.exe
Size: 917KB
Score: 10/10
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext