General
Target: New_Requests_5022781IMG.exe
Size: 641KB
Sample: 211018-cble2sdhbk
MD5: 63f7a5ab58576fae2db4c1ef3e4de1bb
SHA1: 59579ae0a2d86cbce11c7cd3ed38a8f3ce52419e
SHA256: c672ddcbe01265a48db1fc7263bcc79a3dae188a51a67ccdd10c41792544524f
SHA512: 35a8e6ae07b27b412babbd82974168eb4cbdfbad5a18c76ba755ea61c89ab940a2bc365c4d32c7fd3fb110179d97fe3ba093f7a2bcfc7ad99c0ca71f906aeade
Static task: static1
Behavioral task: behavioral1
Sample: New_Requests_5022781IMG.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: New_Requests_5022781IMG.exe
Resource: win10-en-20211014
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: restd.xyz
Port: 587
Username: [email protected]
Password: gg@6{ZL65h,*
Targets
Target: New_Requests_5022781IMG.exe
Score: 10/10
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext