General
-
Target
a1ca8413f4abb9c076812a67649e43a1.exe
-
Size
344KB
-
Sample
211020-ygy4zsadfp
-
MD5
a1ca8413f4abb9c076812a67649e43a1
-
SHA1
4b6ac8c212f304478e3a9186ee1745f7357bdf82
-
SHA256
ddcd5e4084c257af6efcb44ed128de288db9e6147b8b1bf2cefb66df6ed8be21
-
SHA512
8881351ccfa2dc518a21df8e4378fd0136b6b091832ddfcedea9929df8c28f680b0145b034a487c659a556cb54cac9e0615980e22805ff9434ce6b0d590b6f38
Static task
static1
Behavioral task
behavioral1
Sample
a1ca8413f4abb9c076812a67649e43a1.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
a1ca8413f4abb9c076812a67649e43a1.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.toantalya.com - Port:
587 - Username:
mohammad@toantalya.com - Password:
mohamad123
Targets
-
-
Target
a1ca8413f4abb9c076812a67649e43a1.exe
-
Size
344KB
-
MD5
a1ca8413f4abb9c076812a67649e43a1
-
SHA1
4b6ac8c212f304478e3a9186ee1745f7357bdf82
-
SHA256
ddcd5e4084c257af6efcb44ed128de288db9e6147b8b1bf2cefb66df6ed8be21
-
SHA512
8881351ccfa2dc518a21df8e4378fd0136b6b091832ddfcedea9929df8c28f680b0145b034a487c659a556cb54cac9e0615980e22805ff9434ce6b0d590b6f38
Score10/10-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-