General
Target: kMn1gm5mHhgTXg8.exe
Size: 467KB
Sample: 211130-n5qgmsegfq
MD5: beb309066ea44a6b32a0b7bee39906e0
SHA1: 020d38df2214822e7e610aa509e9addd81d5dfaf
SHA256: 8644db743734d775f01eef75790d78a62687ae3e04932fbbb6c031889746b7b7
SHA512: ff7d12b3b94c8ac5d82ea3866000f4b87cab3120337ac68f1b42890a0da415dbbafb068a5e93c12105bd9b8c9f8f0a3b2cb1fc5ae7f9721a5f00722191a03f64
Static task: static1
Behavioral task: behavioral1
Sample: kMn1gm5mHhgTXg8.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: kMn1gm5mHhgTXg8.exe
Resource: win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.turkal.com
Port: 587
Username: info@turkal.com
Password: Turkal2020!
Targets
Target: kMn1gm5mHhgTXg8.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext