General

Target: SaLWleymqOiflYa.exe
Size: 314KB
Sample: 211020-ygy4zshef6
MD5: 67151cfb27ae6f0c7fc0f314a1e3dd4d
SHA1: a8fa4e3526d6662108c45eaf97a62c79ed91064f
SHA256: d097d6061d833da65b18b777c9ecd637ac00370727b103169068aae445e71ed5
SHA512: f4f4e7d08640eb15d66a75d26c0e168c99cfc45a7d889ee2a38021630eacfa008c942bc29f8198ad468b5ce786c73a9828031ae6f74631a9fcf04dbe4140085b
Static task: static1

Behavioral task: behavioral1
Sample: SaLWleymqOiflYa.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: SaLWleymqOiflYa.exe
Resource: win10-en-20210920
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: swiftrizer@vivaldi.net
Password: #munachimso#
Targets

Target: SaLWleymqOiflYa.exe
Size: 314KB
MD5: 67151cfb27ae6f0c7fc0f314a1e3dd4d
SHA1: a8fa4e3526d6662108c45eaf97a62c79ed91064f
SHA256: d097d6061d833da65b18b777c9ecd637ac00370727b103169068aae445e71ed5
SHA512: f4f4e7d08640eb15d66a75d26c0e168c99cfc45a7d889ee2a38021630eacfa008c942bc29f8198ad468b5ce786c73a9828031ae6f74631a9fcf04dbe4140085b
Score: 10/10

- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext