General
Target: PO-5738737272.001
Size: 244KB
Sample: 211203-txkt3scab5
MD5: 773d1ecbe70c3cc55060aa5b998c30b1
SHA1: 78db92516ef483509d4cc9cb7c30f6dc99b37d53
SHA256: e413d15905f2595b44380bfac0884b32cfe83ec125deccf8e98b85c0bd9e7889
SHA512: 7a036ca516bf387b910c29eb466c2f520506572201578f749a6905700c102ac56e8712cf2a771fa0f2b87550335414a942b8148ad5033c7eba1748f71170c9fc
Static task: static1
Behavioral task: behavioral1
Sample: PO-5738737272.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: PO-5738737272.exe
Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.sapphireclothing.com
Port: 587
Username: hr@sapphireclothing.com
Password: hrSap2018
Targets
Target: PO-5738737272.exe
Size: 427KB
MD5: e46e4deadec5bed6fcd3b6eb3202d606
SHA1: a98564f3f69b65a5a031a8f8830e8d833f02a831
SHA256: da7d90e13ecccb70bba997e4a07c76abf774dd2309bd71982fe3479ab0ddd663
SHA512: 5247025435db48a7a6b09dbf202bff5739415d533ba950cc38074bccbb6c192e3a6c2fa830c0243988738bfcbf3e628ae74a18b1b4c9ec6f5c7e68afbcfa2905
Modifies WinLogon for persistence
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext