General
Target: whesilox.exe
Size: 715KB
Sample: 210722-9laz5rkb3x
MD5: facd1c07ffcfb16de518d0c977814d92
SHA1: 27aa313a64ff37d6c31bd1a0a9953f00a48b3408
SHA256: e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1
SHA512: b6332e6de6b41014db759a1fb0c25996ee20f8be1c4f1a792d957a2b7edbb366b0378884e82fc497f707589ad1afd0bfc3b83c69919e897f8b9acf13edb10f33
Static task: static1
Behavioral task: behavioral1 (sample whesilox.exe, resource win7v20210408)
Behavioral task: behavioral2 (sample whesilox.exe, resource win10v20210410)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: bh-16.webhostbox.net
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
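The extracted SMTP settings are the most actionable part of this report: the keylogger exfiltrates over SMTP submission (port 587) to the host above. The Python below is an added example, not part of the sandbox report or the sample's own code; it turns the extracted config into a network indicator, scans connection records for traffic to that server or for port-587 traffic from processes that are not mail clients, and checks a candidate file's digests against the hashes listed above. The CSV record layout, the KNOWN_MAIL_CLIENTS allow-list and the log lines are constructed assumptions for illustration.

```python
import csv
import hashlib
import io
from dataclasses import dataclass

# Snake Keylogger exfiltration config as extracted in the report above.
EXTRACTED_CONFIG = {
    "family": "snakekeylogger",
    "protocol": "smtp",
    "host": "bh-16.webhostbox.net",
    "port": 587,
}

# File hashes of whesilox.exe as listed in the report above.
SAMPLE_HASHES = {
    "md5": "facd1c07ffcfb16de518d0c977814d92",
    "sha1": "27aa313a64ff37d6c31bd1a0a9953f00a48b3408",
    "sha256": "e7488c44d2b9f78f7c5e96126798220cbc3a7faf749beab4b8545207a73ce0d1",
}

# Assumption: processes that legitimately speak SMTP submission on this estate.
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed connection records (ts,host,process,dst,dst_port); not real telemetry.
SAMPLE_LOG = """ts,host,process,dst,dst_port
2021-07-22T09:01:03Z,WS01,outlook.exe,smtp.office365.com,587
2021-07-22T09:01:10Z,WS01,whesilox.exe,bh-16.webhostbox.net,587
2021-07-22T09:01:11Z,WS02,chrome.exe,example.com,443
2021-07-22T09:02:40Z,WS02,svchost.exe,mail.example.net,587
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    host: str
    process: str
    dst: str
    dst_port: int
    reason: str


def iocs_from_config(cfg):
    """Reduce the extracted config to a (host, port) network indicator."""
    return (cfg["host"].lower(), int(cfg["port"]))


def scan_connections(log_text, cfg):
    """Return a Hit for every record that touches the exfil host, or that
    uses SMTP submission (the configured port) from a non-mail-client process."""
    exfil_host, exfil_port = iocs_from_config(cfg)
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        dst = row["dst"].strip().lower()
        port = int(row["dst_port"])
        proc = row["process"].strip().lower()
        if dst == exfil_host:
            reason = "connection to Snake Keylogger SMTP exfil host"
        elif port == exfil_port and proc not in KNOWN_MAIL_CLIENTS:
            reason = "SMTP submission (587) from non-mail-client process"
        else:
            continue
        hits.append(Hit(row["ts"], row["host"], row["process"], row["dst"], port, reason))
    return hits


def matches_sample(data: bytes):
    """Compare a candidate file's digests with the reported hashes, per algorithm."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


if __name__ == "__main__":
    for hit in scan_connections(SAMPLE_LOG, EXTRACTED_CONFIG):
        print(f"{hit.ts} {hit.host} {hit.process} -> {hit.dst}:{hit.dst_port}  {hit.reason}")
```

Matching the process name against an allow-list catches the second, more generic pattern this family shares with other keyloggers: credential exfil via a legitimate SMTP relay on port 587, where the destination host alone is not a stable indicator because the attacker can move to another mailbox.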
Targets
Target: whesilox.exe
Score: 10/10
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: the sample modifies the execution context of a thread, a step commonly seen in process hollowing and other code-injection techniques.