General
-
Target
3446b3427eb52e09af7b7424d8bd6dc3
-
Size
558KB
-
Sample
211021-klfasaahar
-
MD5
3446b3427eb52e09af7b7424d8bd6dc3
-
SHA1
780f36db6bdafed0966c2951e86142b43105f0f2
-
SHA256
0cc6f444f52c66cd955fa64184e8784b8ec735a0d8b2f1f4c060532fcd54e9f8
-
SHA512
7596395c37d037bff11dcf9e3f59039602b965c9cd36fedf344ef83dff3cce5c80aec345d4eaee4ecc2b5036b6a34473f7f31d3291d651baeddad762e5c7fbfe
Static task
static1
Behavioral task
behavioral1
Sample
3446b3427eb52e09af7b7424d8bd6dc3.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
3446b3427eb52e09af7b7424d8bd6dc3.exe
Resource
win10-en-20210920
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
budgetn.shop - Port:
587 - Username:
founder@budgetn.shop - Password:
eC~Z,TG&S9jM
Targets
-
-
Target
3446b3427eb52e09af7b7424d8bd6dc3
-
Size
558KB
-
MD5
3446b3427eb52e09af7b7424d8bd6dc3
-
SHA1
780f36db6bdafed0966c2951e86142b43105f0f2
-
SHA256
0cc6f444f52c66cd955fa64184e8784b8ec735a0d8b2f1f4c060532fcd54e9f8
-
SHA512
7596395c37d037bff11dcf9e3f59039602b965c9cd36fedf344ef83dff3cce5c80aec345d4eaee4ecc2b5036b6a34473f7f31d3291d651baeddad762e5c7fbfe
Score10/10-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-