General
Target: 6eba0e7094858880964c58e41c552db4.exe
Size: 49KB
Sample: 211020-g53cwahfcr
MD5: 6eba0e7094858880964c58e41c552db4
SHA1: 24bcd038d9b29d3b6eec68966f7b71b167396ab5
SHA256: fd231e801904a830dff83d1820747640d913afe2d3cae55b30625cbf775f1ba3
SHA512: 3aedf6562308f5317f07b0e1a17388aaafc9725b15034c998fe5768683e49017bc2c6be1cbea073ce37d843ecb9521700f196d893fadd7a6e4c4dc58a5b07079
Static task: static1
Behavioral task: behavioral1
Sample: 6eba0e7094858880964c58e41c552db4.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 6eba0e7094858880964c58e41c552db4.exe
Resource: win10-en-20210920
Malware Config
Extracted
snakekeylogger
- Protocol: smtp
- Host: mail.mupa.com.tr
- Port: 587
- Username: [email protected]
- Password: 963.Mm@
Targets
Target: 6eba0e7094858880964c58e41c552db4.exe
Score: 10/10
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Drops startup file
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.