General
Target: TDH_71036210065IMG.exe
Size: 401KB
Sample: 211019-nxv26agfdp
MD5: 7afe2c262a2733bc25fe30a077621766
SHA1: 7d7286e8b502d55d324e53a077d33b6d35780d6f
SHA256: fa5955a750c70b0f3e673f7ae3384a8b2dc952609d98552535e4c1ed928ef2f3
SHA512: a69bcdfa24407f65524d4f9d56c05cfba3096ba8e6d7327f3010a9813e521988d55ab3ed59cd3c3963be9ad418b8374f3ee0a88a8d53dfb511e88b8897410ccf
Static task: static1
Behavioral task: behavioral1 (sample TDH_71036210065IMG.exe, resource win7-en-20210920)
Behavioral task: behavioral2 (sample TDH_71036210065IMG.exe, resource win10-en-20211014)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: efinancet.shop
Port: 587
Username: [email protected]
Password: BG##kz5dHzND
This is the keylogger's exfiltration channel: collected data is mailed out through the configured account on the mail submission port (587). The host is the actionable network indicator for blocking and hunting; the credentials identify the operator's mailbox and should be reported to the mail provider, not used to log in.
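As an added example (not part of the sandbox report or of the sample itself), the following Python parses the extracted SMTP configuration above into fields, derives the network indicators from it, and matches them against a few constructed log lines. The log lines and their key=value format are assumptions made for the demonstration, and the redacted username is kept exactly as the page shows it.

```python
import re
from typing import Dict, List

# Malware config as flattened on the report page. The username appears
# redacted on the page as "[email protected]" and is kept that way here.
RAW_CONFIG = (
    "Protocol: smtp- Host: efinancet.shop - Port: 587 - "
    "Username: [email protected] - Password: BG##kz5dHzND"
)

# Constructed sample log lines (not from the report) in a simple key=value form.
SAMPLE_LOGS = [
    "2021-10-19T13:02:11Z type=dns src=10.0.0.23 query=efinancet.shop",
    "2021-10-19T13:02:12Z type=conn src=10.0.0.23 dst=efinancet.shop dport=587",
    "2021-10-19T13:02:13Z type=conn src=10.0.0.24 dst=mail.example.org dport=587",
    "2021-10-19T13:05:40Z type=conn src=10.0.0.23 dst=ipcheck.example.net dport=80",
]


def parse_config(raw: str) -> Dict[str, str]:
    """Split 'Key: value - Key: value' text into a dict with lower-case keys."""
    fields: Dict[str, str] = {}
    # Field separators are a dash, whitespace and the next 'Key:'; the
    # lookahead keeps dashes that occur inside a value (e.g. a password).
    for part in re.split(r"\s*-\s+(?=[A-Za-z]+:)", raw):
        key, _, value = part.partition(":")
        if key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def network_indicators(cfg: Dict[str, str]) -> Dict[str, str]:
    """Indicators a defender can act on: the exfil host and host:port pair.
    Credentials are deliberately left out; they belong to the operator's
    mailbox and must not be used to log in."""
    host = cfg["host"].lower()
    return {"host": host, "endpoint": f"{host}:{cfg['port']}"}


def _kv(line: str) -> Dict[str, str]:
    """Parse 'k=v' tokens after the leading timestamp of a sample log line."""
    return dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)


def match_logs(lines: List[str], ioc: Dict[str, str]) -> List[Dict[str, str]]:
    """Return hits for DNS lookups of the exfil host or connections to the
    exfil host:port. Port 587 alone is not matched: it is ordinary mail
    submission traffic and would only produce noise."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        rec = _kv(line)
        kind = rec.get("type")
        dst = f"{rec.get('dst', '').lower()}:{rec.get('dport')}"
        if kind == "dns" and rec.get("query", "").lower() == ioc["host"]:
            hits.append({"src": rec["src"], "reason": "dns:" + ioc["host"]})
        elif kind == "conn" and dst == ioc["endpoint"]:
            hits.append({"src": rec["src"], "reason": "conn:" + ioc["endpoint"]})
    return hits


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for hit in match_logs(SAMPLE_LOGS, network_indicators(cfg)):
        print(hit)
```

The matcher keys on the host and the host:port pair rather than on port 587, because legitimate clients submit mail on that port all day; the IP lookup line is left unmatched on purpose, since the page names no specific lookup service.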
Targets
Target: TDH_71036210065IMG.exe
Size: 401KB
MD5/SHA1/SHA256/SHA512: identical to the values listed under General above
Score: 10/10
Signatures:
- Accesses Microsoft Outlook profiles: reads stored Outlook account settings, consistent with the keylogger harvesting mail credentials.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP so it can be included in the report sent to the operator.
- Suspicious use of SetThreadContext: rewriting another thread's register context is how process hollowing and similar injection redirects execution into an injected payload; benign software rarely needs this call.