General
Target: ae6f4445c72dcbd27a6bbfce80df3c34.exe
Size: 33KB
Sample: 211129-v8w7xsfef3
MD5: ae6f4445c72dcbd27a6bbfce80df3c34
SHA1: a34cbf5310831a59820a317ecb496924a91ac908
SHA256: 1fa23c2625ed8cf8457c1cba9fd0c27b3e1ee54a64f97f0c55397e529cd3bff5
SHA512: 74c0ec9b1feb1e74e6e994de1a6a9d05571a96d01f07acafd0cb818e1778078f9121c4b9e5f71f315058cbe8f1c2d9c9942db3a405675ef45f2dfb2e5f8c1c98
Static task: static1
Behavioral task: behavioral1
  Sample: ae6f4445c72dcbd27a6bbfce80df3c34.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: ae6f4445c72dcbd27a6bbfce80df3c34.exe
  Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: kels@siemens-energy.cam
Password: internationally124365
Targets
Target: ae6f4445c72dcbd27a6bbfce80df3c34.exe
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext