General
-
Target
qqwN5be4oIxaByX.exe
-
Size
816KB
-
Sample
210727-e7ywx7wrs2
-
MD5
2bea67be8c5cb1d75e1b30306f7b4a88
-
SHA1
bd2094cfbfb10a266bd888a3c12bccc561186a59
-
SHA256
699482d44a6cd0c8a5e2c171315d138627e72130d5a3ff9f6bc65b992eb82517
-
SHA512
5b540816b0913b2600f77252e1e0972f9ace0dd342da84f3bee3a4b14606c59e7076d21995352e352d29f15c547a46fd61c03efc29bdff3d306e6fd5984c1f30
Static task
static1
Behavioral task
behavioral1
Sample
qqwN5be4oIxaByX.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
qqwN5be4oIxaByX.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: SMTP.VIVALDI.NET
Port: 587
Username: AKASSBABA99@VIVALDI.NET
Password: #munachimso#
Targets
Target
qqwN5be4oIxaByX.exe
-
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-