General
Target: a3f88b358aeb96f7d3cce152c6ef88f5.exe
Size: 596KB
Sample: 211207-mv4qvabff6
MD5: a3f88b358aeb96f7d3cce152c6ef88f5
SHA1: 71f1ace1dbdfdf252a6353e137e76003ef0c1b73
SHA256: cabaec74ffa9d9e52b03f48c8ff2c3e87c98aa39c032c7f82385c3b11f5d0025
SHA512: ac8a39a6544d709c12711558ed2acbf4961e74ac791fe817c05b90c1078c68b3ce87abf79236054cebdae2fd53833faaeca213b2c7a006667123d47684f9848c
Static task: static1
Behavioral task: behavioral1
Sample: a3f88b358aeb96f7d3cce152c6ef88f5.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: a3f88b358aeb96f7d3cce152c6ef88f5.exe
Resource: win10-en-20211014
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.stlwtgroup.com
Port: 587
Username: simon.ho@stlwtgroup.com
Password: Simon97292457
Targets
Target: a3f88b358aeb96f7d3cce152c6ef88f5.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext