General

Target: 4e5581d1565991c580786be9ea17ca9d.exe
Size: 625KB
Sample: 211205-jagtssehc9
MD5: 4e5581d1565991c580786be9ea17ca9d
SHA1: 0755d99a3f188719df948d02f79d57f0cae542fe
SHA256: dcc41c9cd44244db1d417b41c3ce05e9081c24086b446f1b53df2e425ce8978f
SHA512: 6130c05eef4ef7eb0029bb89f870b9ed1c21fc31b0d0034e4c193e9839d32b13add93edff5c24dd04e897b050eeb3b1ef68f545e32c1a073c7e9d4d81ef9185d
Static task: static1

Behavioral task: behavioral1
Sample: 4e5581d1565991c580786be9ea17ca9d.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: 4e5581d1565991c580786be9ea17ca9d.exe
Resource: win10-en-20211104
Malware Config

Extracted family: snakekeylogger
Protocol: smtp
Host: mail.rockglen.com
Port: 587
Username: aorreservations@rockglen.com
Password: @123kmoney
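The extracted config above is the sample's exfiltration channel: stolen keystrokes and credentials are mailed out over SMTP to the listed host and port, authenticating as the listed account. A defender's immediate use for it is network detection, so the added example below (not part of the sandbox report) parses the flattened "Key: value - Key: value" config text into indicators and matches them against connection-log records. The log lines and their field names (src, dst, dport, user) are constructed for illustration; the password is parsed but intentionally not carried into the indicator, since it is not needed for detection.

```python
"""Turn the extracted Snake Keylogger SMTP config into network indicators and
match them against connection-log lines.

Added example, not code from the sandbox report.  The SAMPLE_LOGS records are
constructed for illustration; only the config text comes from the report."""
import re
from dataclasses import dataclass

# Config as it appears in the report, flattened into "Key: value - Key: value".
EXTRACTED_CONFIG = (
    "Protocol: smtp - Host: mail.rockglen.com - Port: 587 - "
    "Username: aorreservations@rockglen.com - Password: @123kmoney"
)


@dataclass(frozen=True)
class SmtpIndicator:
    host: str
    port: int
    username: str  # the exfil mailbox; the password is deliberately omitted


def parse_config(text: str) -> SmtpIndicator:
    """Parse the flattened config into an SmtpIndicator.

    Fields are separated by a dash surrounded by whitespace; the report
    sometimes drops the space before the dash ("smtp- Host"), so the split
    pattern tolerates that."""
    fields = {}
    for part in re.split(r"\s*-\s+", text):
        key, _, value = part.partition(":")
        fields[key.strip().lower()] = value.strip()
    if fields.get("protocol", "").lower() != "smtp":
        raise ValueError(f"unsupported protocol: {fields.get('protocol')!r}")
    return SmtpIndicator(
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"].lower(),
    )


# Constructed firewall/proxy records (hypothetical; not from the report).
SAMPLE_LOGS = [
    "2021-12-05T10:01:02Z src=10.0.0.14 dst=mail.rockglen.com dport=587 "
    "proto=tcp app=smtp user=aorreservations@rockglen.com",
    "2021-12-05T10:01:05Z src=10.0.0.14 dst=smtp.office365.com dport=587 "
    "proto=tcp app=smtp user=jdoe@corp.example",
    "2021-12-05T10:02:11Z src=10.0.0.22 dst=mail.rockglen.com dport=443 "
    "proto=tcp app=https",
]


def match_logs(lines, ioc: SmtpIndicator):
    """Return (line, severity, reasons) for every record touching the indicator.

    Any contact with the exfil host is worth a look ("medium"); the exact
    host+port pair or the exfil username is a strong signal ("high")."""
    hits = []
    for line in lines:
        kv = dict(re.findall(r"(\w+)=(\S+)", line))
        dst = kv.get("dst", "").lower()
        reasons = []
        if dst == ioc.host:
            reasons.append("host")
            if kv.get("dport") == str(ioc.port):
                reasons.append("port")
        if kv.get("user", "").lower() == ioc.username:
            reasons.append("username")
        if reasons:
            severity = "high" if len(reasons) > 1 or "username" in reasons else "medium"
            hits.append((line, severity, reasons))
    return hits


if __name__ == "__main__":
    ioc = parse_config(EXTRACTED_CONFIG)
    for line, severity, reasons in match_logs(SAMPLE_LOGS, ioc):
        print(f"[{severity}] {','.join(reasons)}: {line}")
```

Blocking only on the username would miss the same host being used with a different mailbox, and blocking only on host:587 would miss the host appearing on another port, which is why the matcher reports both and grades them separately.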
Targets

Target: 4e5581d1565991c580786be9ea17ca9d.exe
Size: 625KB
MD5: 4e5581d1565991c580786be9ea17ca9d
SHA1: 0755d99a3f188719df948d02f79d57f0cae542fe
SHA256: dcc41c9cd44244db1d417b41c3ce05e9081c24086b446f1b53df2e425ce8978f
SHA512: 6130c05eef4ef7eb0029bb89f870b9ed1c21fc31b0d0034e4c193e9839d32b13add93edff5c24dd04e897b050eeb3b1ef68f545e32c1a073c7e9d4d81ef9185d
Score: 10/10

Signatures:

Accesses Microsoft Outlook profiles
Reads stored Outlook account data, consistent with the credential-stealing behaviour of this family.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
SetThreadContext is the API used to redirect a suspended thread's execution into memory the caller has written, the pattern behind process hollowing and other injection techniques; its presence here indicates the sample injects or unpacks its payload into another process rather than running it directly.