General
Target: MACHINE SPECIFICATION.exe
Size: 1.2MB
Sample: 210727-ym7v4c2w3a
MD5: 6a11c624b323f7c78e5a3f0d46f59fbe
SHA1: c93b35bf571a244b3bfc27c9039f5c1907fad50c
SHA256: f66c718e38d68b259ceb5ca45b599645e8c569e9bcccfe2d36309f32157dd60e
SHA512: 2eac7917c1f47456fcc2fa2cbd02767e62c7e84cadb6803d4d16d7e17c088ce4c89ac34e018eeb2c3332a400b93f0ed64d58e7e2d0dec37200795a0fc1a384ba
Static task: static1
Behavioral task: behavioral1
Sample: MACHINE SPECIFICATION.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: MACHINE SPECIFICATION.exe
Resource: win10v20210408
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.forkmeasuring.com
Port: 587
Username: eu@forkmeasuring.com
Password: eu20192019#
Targets
Target: MACHINE SPECIFICATION.exe
Size: 1.2MB
Score: 10/10

CustAttr .NET packer
Detects CustAttr .NET packer in memory.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext