General
Target: 16d2d4df7930ae194a64eed0b788a4a6.exe
Size: 33KB
Sample: 211128-jczgmabga6
MD5: 16d2d4df7930ae194a64eed0b788a4a6
SHA1: 6396487cb6ab1d45fc21819fcb628302e68bb43a
SHA256: f8f9a55479c8f1d3502b3c47d0ac70be61f40f5fa23b59dc4a766cc0e7f590d2
SHA512: f60b35ced9b5ccee3e67461d4ba4325491f7e3edb6589daf3207ce07cce3d742d4d6a6ebea7e0a513799c316594cfd21c1e6ec0428d2a0077c9919163414bc58
Static task: static1
Behavioral task: behavioral1
Sample: 16d2d4df7930ae194a64eed0b788a4a6.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 16d2d4df7930ae194a64eed0b788a4a6.exe
Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: kels@siemens-energy.cam
Password: internationally124365
Targets
Target: 16d2d4df7930ae194a64eed0b788a4a6.exe
Size: 33KB
MD5: 16d2d4df7930ae194a64eed0b788a4a6
SHA1: 6396487cb6ab1d45fc21819fcb628302e68bb43a
SHA256: f8f9a55479c8f1d3502b3c47d0ac70be61f40f5fa23b59dc4a766cc0e7f590d2
SHA512: f60b35ced9b5ccee3e67461d4ba4325491f7e3edb6589daf3207ce07cce3d742d4d6a6ebea7e0a513799c316594cfd21c1e6ec0428d2a0077c9919163414bc58
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext