General
-
Target
PHOER098576743.SCR
-
Size
370KB
-
Sample
211021-lm85xsaba7
-
MD5
359fedb7b9b070ba878501c49ad613ba
-
SHA1
960c747a52cfb82edbcba9f2e8ef6d4b65e85995
-
SHA256
bd757e2555712d97f1e557ceac39378bb7fa0e2f01492ebde67b07c56ea58925
-
SHA512
85c23333f93d784c81880f60609ce77eac48efa20c121025ddd13bce0decc5169322b81b1c2ed3137fd54927afba9a61c851760c39b66e74c0c6eaa59b8b581f
Static task
static1
Behavioral task
behavioral1
Sample
PHOER098576743.SCR
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
PHOER098576743.SCR
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.itzayanaland.com - Port:
587 - Username:
securitys@itzayanaland.com - Password:
+g3CK;uOeC2j
Targets
-
-
Target
PHOER098576743.SCR
-
Size
370KB
-
MD5
359fedb7b9b070ba878501c49ad613ba
-
SHA1
960c747a52cfb82edbcba9f2e8ef6d4b65e85995
-
SHA256
bd757e2555712d97f1e557ceac39378bb7fa0e2f01492ebde67b07c56ea58925
-
SHA512
85c23333f93d784c81880f60609ce77eac48efa20c121025ddd13bce0decc5169322b81b1c2ed3137fd54927afba9a61c851760c39b66e74c0c6eaa59b8b581f
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-