General
-
Target
040a3d53daba1ccab511032ac29845f3.exe
-
Size
33KB
-
Sample
211128-jczgmagffl
-
MD5
040a3d53daba1ccab511032ac29845f3
-
SHA1
e8f23c091430024cab4cdd8450abb7961c053624
-
SHA256
16e880fa69243f43c404118897fbc99fca5dc6cb403165b3e305907928aa8c90
-
SHA512
cbae39d8e23f75ba01118168acfecc20e9286f2582fd50864d8217b41ea4775e0fcf5e8a9c3436ed4b588eaa39d8f40877c0169c7398cc5d3860edf32e333edb
Static task
static1
Behavioral task
behavioral1
Sample
040a3d53daba1ccab511032ac29845f3.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
040a3d53daba1ccab511032ac29845f3.exe
Resource
win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: kels@siemens-energy.cam
Password: internationally124365
Targets
-
Target
040a3d53daba1ccab511032ac29845f3.exe
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-