General
Target: 2345678098765T4323456789G.exe
Size: 396KB
Sample: 211203-lr7snagabl
MD5: 7091684f6d958d8bbb0ae72d30ef3f93
SHA1: 946ab60d8020ed0209f2fc5237020ed74e2bf2f8
SHA256: 7bbfbb37c39b9f86adc6fda345c835cb256948cdc886b273c3215e4ccbbd877a
SHA512: d9374aff01b656fd92c6e44e095ed958be11c07b84a2d65f569ee278960571ac2ab3f1f7960113b8438b69945274e1e6d888a07646d528136102b6aad8979ae8
Static task: static1
Behavioral task: behavioral1
Sample: 2345678098765T4323456789G.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: 2345678098765T4323456789G.exe
Resource: win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: serv3.devmexico.com
Port: 587
Username: reservaciones@hoteljuaninos.com.mx
Password: 3}l^pI#_4K_!
Targets
Target: 2345678098765T4323456789G.exe
Score: 10/10
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext