General
Target: 40987654556000876666000.exe
Size: 729KB
Sample: 211201-vrzxgsebhn
MD5: 5c6f63834c5bbb998cf3f95d1a2657e7
SHA1: 5260d3b6a99f2467f113f7ba2cfb0f7b17ef54fd
SHA256: 5490e6939acf1ba2ff221b15b71c4b44d033ff34e2ce288d76d4bda25e51fa60
SHA512: cbb055dbee30a22c9033ebe1b3c6cd85cb4d35afc06298c66ca3c8e58ae62fa7590a9222259c71c452b9e222d63735432a8118c363173ba32c04d2f9be43e2d2
Static task: static1
Behavioral task: behavioral1
Sample: 40987654556000876666000.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: 40987654556000876666000.exe
Resource: win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: serv3.devmexico.com
Port: 587
Username: reservaciones@hoteljuaninos.com.mx
Password: 3}l^pI#_4K_!
Targets
Target: 40987654556000876666000.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext