General
Target
fatura.exe
Size
1.1MB
Sample
210727-j1z1kaxz8s
MD5
6a9d0ec45e52137abf05b546151dc664
SHA1
2ea215c3bac1316746fb0ddb9ad7be216a596220
SHA256
9c247a73a2b93a70b14c37b1dbf564f38db8bb9a0e7160de1971655a4e02950a
SHA512
4b0a78c6da7c010c81d36d1e9ae70b60059e1e19b589221329bb447d798db0b36015e07fe7c282fc0250b409845376dd8e1651725cd8783883084d9891de994e
Static task
static1
Behavioral task
behavioral1
Sample
fatura.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
fatura.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.ergrafica.com.ar
Port: 587
Username: trabajos@ergrafica.com.ar
Password: 25834931Cecilia
Targets
Target
fatura.exe
Score
10/10
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext