General
Target: 50b6859e9fe084a8e5e63fc9f22fbaa4.exe
Size: 555KB
Sample: 211020-g53cwagfd7
MD5: 50b6859e9fe084a8e5e63fc9f22fbaa4
SHA1: 0699f87c05168be524254afe07ed9631fade60fa
SHA256: bc11c0361ffe6c90e4a26b2657e3f2ec108dbd8f3fd2c66f867bfe749d654e51
SHA512: 9f9aba640edfb22dcf86931414f3889c99f4f9746f90ad1c6c7f4ab575341d32f5688f08975fcda6279fee37412958ee7ffb537797e793ea55ce9668e6646f65
Static task: static1
Behavioral task: behavioral1
Sample: 50b6859e9fe084a8e5e63fc9f22fbaa4.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 50b6859e9fe084a8e5e63fc9f22fbaa4.exe
Resource: win10-en-20210920
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.beautemori.com
Port: 587
Username: [email protected]
Password: 0}giS68%OY;g
Targets
Target: 50b6859e9fe084a8e5e63fc9f22fbaa4.exe
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext