General
Target: SANTSSWK20100001.exe
Size: 368KB
Sample: 211130-welprsagh5
MD5: b3456b89c03dfaae07c0e20f5e683ed5
SHA1: b73f6a93836d7853b9293d7d63694043deb65142
SHA256: 5fc11bb7c0ee99293a35fa1fb80d215c149ae7270a9b9ff898d340025c6863f7
SHA512: db7fbc68c6efce3e5387c8ffe9d1970421694921d91eb61a54e1869372d928a28db858ac3df89f7422c4c6248495db3b3bc6f24ce461dc0cec3e9e95d2fc5d6e
Static task: static1
Behavioral task: behavioral1
Sample: SANTSSWK20100001.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: SANTSSWK20100001.exe
Resource: win10-en-20211014
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: krsmakina.com
Port: 587
Username: sefa.karasu@krsmakina.com
Password: 9Kk~b[2G^F?e
Targets
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext