General
-
Target
templezx.exe
-
Size
563KB
-
Sample
210727-63s7vr4lx2
-
MD5
2b1679e8ba0a15c211922ced9909c89e
-
SHA1
e1ea8f4ecd4b01f87275d3bd13c101facfbe9408
-
SHA256
70351038cf49fc5bf127e4f7df1c563ec036293cbc00010ade2364e0ee311a27
-
SHA512
924c86ab4eacb6db3a3327ba493e1fecd21c513335decd114b6e028ae2f29ad2be5549d6857afbd56203ffd05b0582682f41aeb6f3ed2a5254badbac663d5da9
Static task
static1
Behavioral task
behavioral1
Sample
templezx.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
templezx.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.bundabergtrophies.com.au - Port:
587 - Username:
admin@bundabergtrophies.com.au - Password:
nKlnBbMZLI
Targets
-
-
Target
templezx.exe
-
Size
563KB
-
MD5
2b1679e8ba0a15c211922ced9909c89e
-
SHA1
e1ea8f4ecd4b01f87275d3bd13c101facfbe9408
-
SHA256
70351038cf49fc5bf127e4f7df1c563ec036293cbc00010ade2364e0ee311a27
-
SHA512
924c86ab4eacb6db3a3327ba493e1fecd21c513335decd114b6e028ae2f29ad2be5549d6857afbd56203ffd05b0582682f41aeb6f3ed2a5254badbac663d5da9
Score10/10-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-