General
Target: GjcNWOvgPR2KiVV.exe
Size: 337KB
Sample: 211130-va45waaga4
MD5: f25ad3b544326894e43402949ff39d63
SHA1: 7d2759c0d52e12f9a45e9fa8d632633ea9b260d2
SHA256: c1780ef2dc13dc3b92eab8e08fb247e3caa62587bc0be3c6f5260f2b95450c3b
SHA512: c7fb409d5a9f9ab6b952d18b21fc29b11eb55b363f12bc9c73445887878d01de3b4380f197eaaa849edbaaccb2f6775c686e448c1f6d338b7667b2b45f60535f
Static task: static1
Behavioral task: behavioral1 (Sample: GjcNWOvgPR2KiVV.exe; Resource: win7-en-20211014)
Behavioral task: behavioral2 (Sample: GjcNWOvgPR2KiVV.exe; Resource: win10-en-20211104)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.turkal.com
Port: 587
Username: info@turkal.com
Password: Turkal2020!
Targets
Target: GjcNWOvgPR2KiVV.exe
Size: 337KB
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext