General
Target: 442345678098743RYlzvROIMVrdhBd.exe
Size: 365KB
Sample: 211130-hjm7hahca8
MD5: 0c2eb359c3810add524ac20b40aa0663
SHA1: 741b5b4f581f3d0ed175665d47deaec7568c3e4c
SHA256: ae4c5d891472d6353719b44db07e33d931e82b78a2072686c0b6ed7dab8b185f
SHA512: 27088a6a1c1b2949a7d72ecd9523c238431947cf00bb947028e32f09f2e7fe231116cda193cf596a38fb51b43b9678470f2ab178c04ec29ab37792938ceefecc

Static task: static1

Behavioral task: behavioral1
Sample: 442345678098743RYlzvROIMVrdhBd.exe
Resource: win7-en-20211104

Behavioral task: behavioral2
Sample: 442345678098743RYlzvROIMVrdhBd.exe
Resource: win10-en-20211014
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: mail.tnsgrup.com
Port: 587
Username: seyfimamur@tnsgrup.com
Password: seyfiguve123

The extracted configuration is the SMTP account the keylogger authenticates with to deliver its logs (587 is the SMTP submission port), so the host and the sender address are network indicators for this sample; the credentials belong to the operator's sending account, not to a victim.
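The report flattens the extracted configuration into one "Key: value - Key: value" string, and an analyst normally wants that turned into structured fields and network indicators, plus a check that the file on disk really is the sample whose digests the report lists. The following is an added example, not part of the report or of the sandbox's tooling. It uses the configuration string and digest values from the page verbatim; the " - " separator rule, the `smtp-server` / `email-address` indicator labels and the stand-in bytes fed to `verify_sample` are assumptions made here for illustration.

```python
import hashlib
import re

# Digest values copied from the report's General section.
REPORT_HASHES = {
    "md5": "0c2eb359c3810add524ac20b40aa0663",
    "sha1": "741b5b4f581f3d0ed175665d47deaec7568c3e4c",
    "sha256": "ae4c5d891472d6353719b44db07e33d931e82b78a2072686c0b6ed7dab8b185f",
    "sha512": "27088a6a1c1b2949a7d72ecd9523c238431947cf00bb947028e32f09f2e7fe23"
              "1116cda193cf596a38fb51b43b9678470f2ab178c04ec29ab37792938ceefecc",
}

# The extracted configuration exactly as the report flattens it: "Key: value"
# pairs joined by " - ", except that the extractor emits "smtp- Host" with no
# space before the dash, so the parser must tolerate a missing space.
RAW_CONFIG = (
    "Protocol: smtp- Host: mail.tnsgrup.com - Port: 587 - "
    "Username: seyfimamur@tnsgrup.com - Password: seyfiguve123"
)

# A field ends at " - " followed by the next "Key:" or at end of string.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)\s*(?:-\s+(?=\w+:)|$)")


def parse_config(raw: str) -> dict:
    """Split the flattened config string into lower-cased field names.

    Caveat (assumed separator rule): a password containing " - Word:" would be
    split incorrectly; the report gives no escaping rule, so such values need
    manual review rather than blind trust in the parser.
    """
    fields = {key.lower(): value for key, value in FIELD_RE.findall(raw)}
    if "port" in fields:
        fields["port"] = int(fields["port"])
    return fields


def config_iocs(fields: dict) -> list:
    """Derive network indicators from the parsed config: the SMTP relay the
    keylogger authenticates to, and the sender account it uses."""
    iocs = []
    if fields.get("protocol") == "smtp" and "host" in fields:
        iocs.append(("smtp-server", f"{fields['host']}:{fields.get('port', 25)}"))
    if "username" in fields:
        iocs.append(("email-address", fields["username"]))
    return iocs


def digests(data: bytes) -> dict:
    """Compute every digest algorithm the report lists over the given bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def verify_sample(data: bytes, expected: dict) -> list:
    """Return the algorithms whose digest of `data` differs from `expected`;
    an empty list means the file is the one the report describes."""
    actual = digests(data)
    return sorted(alg for alg, value in expected.items() if actual[alg] != value.lower())


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    print(config_iocs(cfg))
    # Constructed stand-in bytes, not the real sample: every digest must differ.
    print(verify_sample(b"not the sample", REPORT_HASHES))
```

Run `verify_sample(open(path, "rb").read(), REPORT_HASHES)` against a downloaded copy before analysis; any algorithm in the returned list means the file is not the one this report describes, and the mismatch should be resolved before the config indicators are trusted.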
Targets
Target: 442345678098743RYlzvROIMVrdhBd.exe, 365KB (digests as listed under General above)
Score: 10/10

Indicators:
- Accesses Microsoft Outlook profiles (stored mail-client account data is a common credential-theft target for this family)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so the lookup traffic itself is not malicious and should be correlated with the SMTP indicators above rather than blocked on its own.
- Suspicious use of SetThreadContext (a call commonly seen when a loader replaces the execution context of a suspended thread to run an injected payload)