General
Target: TT Transmitted Copy TRVTT2127468.exe
Size: 819KB
Sample: 210727-2pklegj8va
MD5: 427992e6cc9f399060c003ae46389403
SHA1: 07cfcd1b19481ddf586f4b84a1d4a6aef2da722a
SHA256: c441b0de54cee442566129507b4f3f0dbcbe6eb42ff24936c6e180a3d93fcdb0
SHA512: 2465b2f96899603b6473d193bdc6a4b449ec9040dba12a9842da0d5e12e2cfd5b6d6a97a5725c41062d6d5e9be6f123354863ed030041a5531337426c30b9fdd
Static task: static1
Behavioral task: behavioral1
  Sample: TT Transmitted Copy TRVTT2127468.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: TT Transmitted Copy TRVTT2127468.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: admin@evapimlogs.com
  Password: BkKMmzZ1
Targets
Target: TT Transmitted Copy TRVTT2127468.exe
Size: 819KB
MD5: 427992e6cc9f399060c003ae46389403
SHA1: 07cfcd1b19481ddf586f4b84a1d4a6aef2da722a
SHA256: c441b0de54cee442566129507b4f3f0dbcbe6eb42ff24936c6e180a3d93fcdb0
SHA512: 2465b2f96899603b6473d193bdc6a4b449ec9040dba12a9842da0d5e12e2cfd5b6d6a97a5725c41062d6d5e9be6f123354863ed030041a5531337426c30b9fdd
Score: 10/10
Signatures:
  Snake Keylogger Payload
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  Suspicious use of SetThreadContext