General
-
Target
DOCUMENTS.exe
-
Size
634KB
-
Sample
211022-jqzdsacbfl
-
MD5
b053441618809b9dd77c5ebf50239c3a
-
SHA1
69fd352d0bfd639bee79691bda6428c0476c497b
-
SHA256
01828be39e9c87bcfe2f59374c1dc5e9fb963bffcf3bf5a3d0bd3e82e6c27c32
-
SHA512
32391e70680c0d2e2a37ff3bea5209e72b8a8af60af8a7e06625267d49d0e6a903887704b54cf543faeef45e687f79c00416425f86c43818b8ef56d035a50bfe
Static task
static1
Behavioral task
behavioral1
Sample
DOCUMENTS.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
DOCUMENTS.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
gwen@sovartrade.com - Password:
iwRaBVG6
https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendMessage?chat_id=1063661839
Targets
-
-
Target
DOCUMENTS.exe
-
Size
634KB
-
MD5
b053441618809b9dd77c5ebf50239c3a
-
SHA1
69fd352d0bfd639bee79691bda6428c0476c497b
-
SHA256
01828be39e9c87bcfe2f59374c1dc5e9fb963bffcf3bf5a3d0bd3e82e6c27c32
-
SHA512
32391e70680c0d2e2a37ff3bea5209e72b8a8af60af8a7e06625267d49d0e6a903887704b54cf543faeef45e687f79c00416425f86c43818b8ef56d035a50bfe
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-