General
Target: 25600986542234567898.exe
Size: 1.6MB
Sample: 211130-hjm7haeagn
MD5: 1d421b63ec61428818be47ef0cb45978
SHA1: ab25718cab34aec63f7193cbbc44d4cd4e119c70
SHA256: 73a1e53f0e6df52d6c951f2fe30d3924d722fc34ae1ec6a07841e9db0e6d93bf
SHA512: f7566632e9e02de710b81527d7b7d7bc57aec12cd70feaf41371b9d3a01989b93a6c3d029e92073a55db462df3a5bdca53e16180c6bfb109f33f3bb453319fc6
Static task: static1
Behavioral task: behavioral1
Sample: 25600986542234567898.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: 25600986542234567898.exe
Resource: win10-en-20211014
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.tnsgrup.com
Port: 587
Username: seyfimamur@tnsgrup.com
Password: seyfiguve123
Targets
Target: 25600986542234567898.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext