General
-
Target
PO 53286.exe
-
Size
486KB
-
Sample
211203-hxm4nafcgk
-
MD5
4a84e7c717ba75bda2f0756f7a36bbaa
-
SHA1
75d245e47c83994a0451ff1a250a54428d9e326a
-
SHA256
305bba7f9a53743b76c46eca1da9f39646f72bb63a052a6bf993651e4fca07ef
-
SHA512
140d4f193dc55804cbc9a61d2136de9d30026c6fdd467d3a92fd136adfb155a4c04a69a35f3faf82c26ac239a3a4491429bfaa65b34215a881ac264e9c7907bf
Static task
static1
Behavioral task
behavioral1
Sample
PO 53286.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
PO 53286.exe
Resource
win10-en-20211104
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: admin@siemens-energy.cam
Password: antivenom
Targets
-
-
Target
PO 53286.exe
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-