General

Target: USpPWZaRkFLuDM6.exe
Size: 493KB
Sample: 211201-qk5ryafdf4
MD5: e6b1adea3e2f52660db88c0bf8cd7549
SHA1: b8697dd1d2ac11f5639bfe9cad858a56704e3451
SHA256: b6e733ab666b1da84873a1d50a0b82a81c813675139dfd861c2f17ac2821c8f2
SHA512: 2baee2e15a1f21861116a901054a89b6f772d1b2d3e2bc0329ebb39479847d01688db63ac0892aecfec2a3794f929a0e5a2f6dada1933915ea974df0066bfc97
Static task: static1

Behavioral task: behavioral1
Sample: USpPWZaRkFLuDM6.exe
Resource: win7-en-20211104

Behavioral task: behavioral2
Sample: USpPWZaRkFLuDM6.exe
Resource: win10-en-20211104
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.turkal.com
Port: 587
Username: info@turkal.com
Password: Turkal2020!

These are the exfiltration settings embedded in the sample: the keylogger sends captured data by mail through the info@turkal.com account over SMTP submission (port 587). Host, port and username are the network indicators to block and hunt for. The account is the keylogger's drop mailbox; whether turkal.com is attacker-registered or a compromised legitimate account is not established by this report.
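The extracted config and the file hashes above are directly usable as hunting indicators. The following Python is an added example (not part of the sandbox report and not Snake Keylogger code): it parses the config in the flat "Key: value - Key: value" layout the report uses, then runs three checks over Sysmon-style event records. The event records, the list of IP-lookup hosts and the mail-client allowlist are constructed assumptions for the example; the report names no specific IP-lookup service.

```python
"""Detection helper for the indicators in this report: the sample's hashes and
the SMTP exfiltration config extracted from the Snake Keylogger sample.
The event records below are constructed Sysmon-style examples, not sandbox output."""
import re
from typing import Dict, List, Tuple

# Extracted config, in the "Key: value - Key: value" layout the report uses.
RAW_CONFIG = ("Protocol: smtp- Host: mail.turkal.com - Port: 587 - "
              "Username: info@turkal.com - Password: Turkal2020!")

# Hashes of USpPWZaRkFLuDM6.exe as listed in the report.
SAMPLE_HASHES = {
    "md5": "e6b1adea3e2f52660db88c0bf8cd7549",
    "sha1": "b8697dd1d2ac11f5639bfe9cad858a56704e3451",
    "sha256": "b6e733ab666b1da84873a1d50a0b82a81c813675139dfd861c2f17ac2821c8f2",
}

# Assumptions, not from the report: hosts commonly queried for the external IP,
# and processes allowed to talk SMTP from a workstation.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "checkip.amazonaws.com", "api.ipify.org"}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_config(raw: str) -> Dict[str, str]:
    """Split the flat config string on ' - ' separators into lower-cased keys.

    The report's own text has 'smtp- Host' with no space before the dash, so the
    separator regex tolerates missing whitespace on the left side only."""
    cfg: Dict[str, str] = {}
    for field in re.split(r"\s*-\s+", raw.strip()):
        key, sep, value = field.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg


def is_mail_client(image: str) -> bool:
    """True if the process image basename is on the (assumed) mail-client allowlist."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower() in MAIL_CLIENTS


def match_events(events: List[dict], cfg: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (rule_name, process_image) pairs for events matching the IOCs."""
    hits: List[Tuple[str, str]] = []
    c2_host, c2_port = cfg["host"].lower(), int(cfg["port"])
    for ev in events:
        image = ev["image"]
        if ev["type"] == "process":
            # File hash match against the sample from the report.
            if ev.get("sha256", "").lower() == SAMPLE_HASHES["sha256"]:
                hits.append(("known_sample_sha256", image))
        elif ev["type"] == "network":
            host, port = ev["dest_host"].lower(), ev["dest_port"]
            if host == c2_host and port == c2_port:
                # Exact exfiltration endpoint from the extracted config.
                hits.append(("snakekeylogger_smtp_exfil", image))
            elif port in (25, 465, 587) and not is_mail_client(image):
                # Generic: mail submission from something that is not a mail client.
                hits.append(("smtp_from_non_mail_client", image))
            if host in IP_LOOKUP_HOSTS:
                hits.append(("external_ip_lookup", image))
    return hits


# Constructed event sample: the dropped binary runs, posts to the exfil server,
# checks its public IP; a real Outlook submission is included as a negative case.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\victim\Downloads\USpPWZaRkFLuDM6.exe",
     "sha256": SAMPLE_HASHES["sha256"]},
    {"type": "network", "image": r"C:\Users\victim\Downloads\USpPWZaRkFLuDM6.exe",
     "dest_host": "mail.turkal.com", "dest_port": 587},
    {"type": "network", "image": r"C:\Users\victim\Downloads\USpPWZaRkFLuDM6.exe",
     "dest_host": "checkip.dyndns.org", "dest_port": 80},
    {"type": "network", "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dest_host": "smtp.office365.com", "dest_port": 587},
]

if __name__ == "__main__":
    for rule, image in match_events(SAMPLE_EVENTS, parse_config(RAW_CONFIG)):
        print(f"{rule}: {image}")
```

The exact host/port rule is the high-confidence one; the generic "SMTP from a non-mail-client" rule is what still fires after the operator rotates the drop mailbox, at the cost of needing a tuned allowlist. Note that the config parser splits on " - ", so a password containing that sequence would be truncated; for real reports, pull the fields from the sandbox's JSON export instead of the rendered text.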
Targets

Target: USpPWZaRkFLuDM6.exe
Size: 493KB
MD5/SHA1/SHA256/SHA512: as listed under General
Score: 10/10

Signatures:
- Accesses Microsoft Outlook profiles
  Reads stored mail-client profile data; consistent with Snake Keylogger's harvesting of saved credentials.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Setting the thread context of another process is the characteristic final step of process hollowing (RunPE-style injection): the payload is written into a suspended host process and the main thread's entry point is redirected to it.