General
Target: Halbank Ekstre 2021101 073653 270424.exe
Size: 389KB
Sample: 211125-vejdzafhap
MD5: 75769838f0ecb3baaf552175590bfb23
SHA1: 377b4c6e4c527c791ddb2c595693119e0c07d66f
SHA256: 41af3017eac823c7ab919b26e0fe19b74674491c79acf2303ea9546673e9125b
SHA512: ed20932be608e36baaab0f5e8b4b16a097158d8b9fc5e5319ea04fce0cecca1bdc0254cc4b9c7855319ee226882fee81588a41dc2456207ce82b4cff2a8a3670
Static task: static1
Behavioral task: behavioral1
Sample: Halbank Ekstre 2021101 073653 270424.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: Halbank Ekstre 2021101 073653 270424.exe
Resource: win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.palladiumss.com
Port: 587
Username: raman@palladiumss.com
Password: raman@1210
Targets
Target: Halbank Ekstre 2021101 073653 270424.exe
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext