General
-
Target
PO_1223223.exe
-
Size
1.0MB
-
Sample
210727-fqldlab3hx
-
MD5
4d40ec3083581c3ee44936d9cabc9e0b
-
SHA1
b57c1d6d2e4411519487e9d132a3aaf01b80448e
-
SHA256
b51b212526d12237e7bcb3b215980f65e35f717ef6d39d0a2791f8fe3ce52845
-
SHA512
6e4a2d7aad2170a6f5f35b429f5733e7b9918e55f318370684de55669bd0d0295185da957545b83d445880696ee1d8d17b4eb62161de329646ae0b506dfbeb01
Static task
static1
Behavioral task
behavioral1
Sample
PO_1223223.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
PO_1223223.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.vivaldi.net - Port:
25 - Username:
africaman101@vivaldi.net - Password:
Africanman101
Targets
-
-
Target
PO_1223223.exe
-
Size
1.0MB
-
MD5
4d40ec3083581c3ee44936d9cabc9e0b
-
SHA1
b57c1d6d2e4411519487e9d132a3aaf01b80448e
-
SHA256
b51b212526d12237e7bcb3b215980f65e35f717ef6d39d0a2791f8fe3ce52845
-
SHA512
6e4a2d7aad2170a6f5f35b429f5733e7b9918e55f318370684de55669bd0d0295185da957545b83d445880696ee1d8d17b4eb62161de329646ae0b506dfbeb01
Score10/10-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-