General
Target: a4a1dd8b01dbfd152216948dd8527d40.exe
Size: 476KB
Sample: 211128-jczgmagffj
MD5: a4a1dd8b01dbfd152216948dd8527d40
SHA1: 10c4cd998d9fdcfea79466e21e6c54f71809e0a1
SHA256: 7c45b0193f119836d53929c4a8faceb3487f16206cd97bda863fc805d5b20bc4
SHA512: fecee7edd98eb77aba429f70227cff15cab44c917f40f764ee540e87b89e628021aa9b270745743d276dfd7f979ec5bd86d7a0f9374a3c6e0ecb45dda67b0424
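To confirm that a file on disk is the sample this report describes, the following Python is an added example (not the sandbox's own tooling). Only the digests and the size are copied from the report; the size tolerance and the streaming chunk size are assumptions, and the rounded "476KB" is why the size check is only approximate while every digest must match exactly.

```python
"""Check a file on disk against the hashes and size this report lists.

Added example for this page; it is not the sandbox's own tooling.  The
indicators in REPORTED are copied from the report; everything else is assumed.
"""
import hashlib
from pathlib import Path

# Indicators as printed in the report above.
REPORTED = {
    "size": 476 * 1024,          # "476KB" is rounded; see SIZE_TOLERANCE
    "md5": "a4a1dd8b01dbfd152216948dd8527d40",
    "sha1": "10c4cd998d9fdcfea79466e21e6c54f71809e0a1",
    "sha256": "7c45b0193f119836d53929c4a8faceb3487f16206cd97bda863fc805d5b20bc4",
    "sha512": ("fecee7edd98eb77aba429f70227cff15cab44c917f40f764ee540e87b89e6280"
               "21aa9b270745743d276dfd7f979ec5bd86d7a0f9374a3c6e0ecb45dda67b0424"),
}
# The report prints the size in whole KB, so allow that much slack (assumption).
SIZE_TOLERANCE = 1024

HASHES = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return size plus all four digests for an in-memory sample."""
    out = {"size": len(data)}
    for name in HASHES:
        out[name] = hashlib.new(name, data).hexdigest()
    return out


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_bytes but streams the file so large samples are fine."""
    hashers = {name: hashlib.new(name) for name in HASHES}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    out = {name: h.hexdigest() for name, h in hashers.items()}
    out["size"] = size
    return out


def compare(actual: dict, expected: dict = REPORTED) -> list:
    """Return the names of every indicator that does not match (empty = match).

    Digests must match exactly (case-insensitively); size only within
    SIZE_TOLERANCE because the report rounds it.  One mismatching digest is
    enough to say the file is not the reported sample, so callers should treat
    any non-empty list as a failure rather than a partial match.
    """
    mismatches = []
    for name in HASHES:
        if actual.get(name, "").lower() != expected[name].lower():
            mismatches.append(name)
    if abs(actual.get("size", -1) - expected["size"]) > SIZE_TOLERANCE:
        mismatches.append("size")
    return mismatches


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        bad = compare(digest_file(Path(arg)))
        print(f"{arg}: {'MATCH' if not bad else 'MISMATCH on ' + ', '.join(bad)}")
```

Run it as `python check_sample.py <file>`; a file that differs in even one digest is reported as a mismatch, and a size within the KB rounding is not treated as a difference on its own.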
Static task: static1
Behavioral task: behavioral1
  Sample: a4a1dd8b01dbfd152216948dd8527d40.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: a4a1dd8b01dbfd152216948dd8527d40.exe
  Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: octfirr.xyz
Port: 587
Username: dban@octfirr.xyz
Password: Fk_eyOsyxNqb
Port 587 is the SMTP submission port, so the keylogger mails its captures out through this account. Treat the host and the mailbox as attacker infrastructure to block and alert on, and the credentials as indicators only.
Targets
Target: a4a1dd8b01dbfd152216948dd8527d40.exe
Size: 476KB
MD5: a4a1dd8b01dbfd152216948dd8527d40
SHA1: 10c4cd998d9fdcfea79466e21e6c54f71809e0a1
SHA256: 7c45b0193f119836d53929c4a8faceb3487f16206cd97bda863fc805d5b20bc4
SHA512: fecee7edd98eb77aba429f70227cff15cab44c917f40f764ee540e87b89e628021aa9b270745743d276dfd7f979ec5bd86d7a0f9374a3c6e0ecb45dda67b0424
- Accesses Microsoft Outlook profiles (consistent with the family's theft of saved mail-client credentials)
- Adds Run key to start application (persistence through a value under ...\CurrentVersion\Run)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
- Suspicious use of SetThreadContext (thread-context manipulation of the kind used in process hollowing and similar injection)
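The extracted config and the signature list above translate directly into detections. The following Python is an added example (not the sandbox's output and not the malware's code): it parses the config exactly as the report prints it, then runs three rules (SMTP traffic to the configured host and port, a DNS query to a public IP-lookup service, a write under a Run key) over constructed host and network events. Only the config string comes from the report; the event format, the sample events, the Run value name and the list of IP-lookup services are assumptions, and the report does not say which lookup service this sample used. The Outlook profile access and SetThreadContext signatures are not modelled because ordinary endpoint telemetry does not record registry reads or thread-context calls.

```python
"""Turn the extracted Snake Keylogger config into detections and run them over
constructed host/network events.

Added example for this page; not the sandbox's output and not the malware's
code.  Only CONFIG_TEXT is taken from the report; the event shape, the sample
events and IP_LOOKUP_SERVICES are assumptions.
"""
import re

# The config exactly as the report prints it (flattened onto one line).
CONFIG_TEXT = ("Protocol: smtp- Host: octfirr.xyz - Port: 587 - "
               "Username: dban@octfirr.xyz - Password: Fk_eyOsyxNqb")

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password")

# Services commonly abused to learn the victim's public IP.  General list, an
# assumption: the report does not say which one this sample contacted.
IP_LOOKUP_SERVICES = {
    "checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io",
    "ip-api.com", "checkip.amazonaws.com",
}

# Any value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_config(text: str) -> dict:
    """Split the flattened 'Key: value - Key: value' string into a dict.

    A value is everything between one key label and the next, with the
    surrounding ' - ' separators stripped, so values may contain spaces.
    """
    labels = list(re.finditer(r"\b(%s):" % "|".join(CONFIG_KEYS), text))
    cfg = {}
    for i, m in enumerate(labels):
        end = labels[i + 1].start() if i + 1 < len(labels) else len(text)
        cfg[m.group(1).lower()] = text[m.end():end].strip().rstrip("-").strip()
    cfg["port"] = int(cfg["port"])
    return cfg


# Constructed telemetry in a normalised shape (one dict per event).  The first
# three rows mimic what the report's signatures describe (the Run value name
# "Updater" is a placeholder); the last two are benign look-alikes the rules
# must not flag.
SAMPLE_EVENTS = [
    {"type": "network", "process": "a4a1dd8b01dbfd152216948dd8527d40.exe",
     "dst_host": "octfirr.xyz", "dst_port": 587},
    {"type": "dns", "process": "a4a1dd8b01dbfd152216948dd8527d40.exe",
     "query": "checkip.dyndns.org"},
    {"type": "registry_set", "process": "a4a1dd8b01dbfd152216948dd8527d40.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "network", "process": "OUTLOOK.EXE",
     "dst_host": "smtp.office365.com", "dst_port": 587},
    {"type": "registry_set", "process": "explorer.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"},
]


def detect(events, cfg) -> list:
    """Apply the three rules derived from the report and return every hit."""
    hits = []
    for ev in events:
        if (ev["type"] == "network"
                and ev["dst_host"].lower() == cfg["host"].lower()
                and ev["dst_port"] == cfg["port"]):
            hits.append({"rule": "c2_smtp_exfil", "event": ev})
        elif ev["type"] == "dns" and ev["query"].lower() in IP_LOOKUP_SERVICES:
            hits.append({"rule": "external_ip_lookup", "event": ev})
        elif ev["type"] == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            hits.append({"rule": "run_key_persistence", "event": ev})
    return hits


if __name__ == "__main__":
    config = parse_config(CONFIG_TEXT)
    for hit in detect(SAMPLE_EVENTS, config):
        print(hit["rule"], "<-", hit["event"]["process"])
```

Matching on the configured host and port keeps the SMTP rule from firing on a legitimate mail client talking to its own provider on 587, which is why the OUTLOOK.EXE row is not reported; the IP-lookup rule is the noisiest of the three and is best used as a corroborating signal next to the other two rather than alone.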