General
Target
SecuriteInfo.com.PWS-FCUCCE8D4F1DB8C1.18903.18567
Size
786KB
Sample
210728-a4yybprr4j
MD5
ce8d4f1db8c1bd6cf2f5e50124505aea
SHA1
653e11aebdcad7546f5cb86c6cd2efb079a4a388
SHA256
c12973c872a114782c7346f092ebda5e87c947b5aaaf1b80b486c23c79e9400e
SHA512
13eb5835538e9de007903ddec42282bbe372233c1835db9424d050cb120ed01e3cdfc762470a0b270bed09c5f2c64a9569c133ab67d31cfaeef59d1c8dbbd617
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.PWS-FCUCCE8D4F1DB8C1.18903.18567.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
SecuriteInfo.com.PWS-FCUCCE8D4F1DB8C1.18903.18567.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.vivaldi.net
Port: 25
Username: africaman101@vivaldi.net
Password: Africanman101
Targets
Target
SecuriteInfo.com.PWS-FCUCCE8D4F1DB8C1.18903.18567
Score
10/10
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext