General
-
Target
0a5d834587ed9c39cbd9e05b5db46df8
-
Size
2.2MB
-
Sample
211021-ktwmqsahcm
-
MD5
0a5d834587ed9c39cbd9e05b5db46df8
-
SHA1
a2f17d9474decfefdbba23b31dfc47dd662bb265
-
SHA256
d33e00381cdafc0c33431016e4781e12e7d335e83ba405ae242ed54044af98d2
-
SHA512
376866e27e8244c6630576294ad3a8edee53bdf30f210f46011f5cfc599db2c4853c523b0e792f17a1f1ad2021066f875c67d9a5b0e61d25a95a0d1e09c8df5b
Static task
static1
Behavioral task
behavioral1
Sample
0a5d834587ed9c39cbd9e05b5db46df8.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
0a5d834587ed9c39cbd9e05b5db46df8.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
reptw.xyz - Port:
587 - Username:
svbentin6@netjul.xyz - Password:
=W;D)NMYK*HI
Targets
-
-
Target
0a5d834587ed9c39cbd9e05b5db46df8
-
Size
2.2MB
-
MD5
0a5d834587ed9c39cbd9e05b5db46df8
-
SHA1
a2f17d9474decfefdbba23b31dfc47dd662bb265
-
SHA256
d33e00381cdafc0c33431016e4781e12e7d335e83ba405ae242ed54044af98d2
-
SHA512
376866e27e8244c6630576294ad3a8edee53bdf30f210f46011f5cfc599db2c4853c523b0e792f17a1f1ad2021066f875c67d9a5b0e61d25a95a0d1e09c8df5b
Score10/10-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-