General
Target: fopcsUpMj6lv84P.exe
Size: 1.1MB
Sample: 210728-bnw9nxzera
MD5: 934e8ac2fdeef16454904dbfdae4f19a
SHA1: 4fa2deb2b1ae553845bc5b45ae5640aad464cb21
SHA256: 6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689
SHA512: 998fd29c4a8e473213d4e78cb921731558773b11e02fe4ef2f2ee373969afcd380d95ffbdb29963c17eb6cea4fa0dcf487ea34b6029ce626dbb8f5c985b0976e
Static task: static1
Behavioral task: behavioral1
  Sample: fopcsUpMj6lv84P.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: fopcsUpMj6lv84P.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.maplesglobal.net
Port: 587
Username: [email protected]
Password: GHARIFEH@8ZHEQDEH
Targets
Target: fopcsUpMj6lv84P.exe
Size: 1.1MB
MD5: 934e8ac2fdeef16454904dbfdae4f19a
SHA1: 4fa2deb2b1ae553845bc5b45ae5640aad464cb21
SHA256: 6693235e62c0d7e14a841185bee306301a9d64fe007ffe9de8798f33fbf81689
SHA512: 998fd29c4a8e473213d4e78cb921731558773b11e02fe4ef2f2ee373969afcd380d95ffbdb29963c17eb6cea4fa0dcf487ea34b6029ce626dbb8f5c985b0976e
Score: 10/10
Signatures:
  CustAttr .NET packer: Detects CustAttr .NET packer in memory.
  Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
  Suspicious use of SetThreadContext