General
Target: 040c97d88d85a6125f0d00bc5173f94a.exe
Size: 600KB
Sample: 211207-mwn2saggen
MD5: 040c97d88d85a6125f0d00bc5173f94a
SHA1: 7d6f268c252f97a004f2b123aed5b8bafbf43350
SHA256: 1a2eb9acfe8bb06d2b0e8e5124bbc123d4aeffacc0d129c7d9a2c36be3786b76
SHA512: 5401f2e0e88db389746012d5f1041540b5f6ba1f64c09e8d945a1a41100de459c73c7a401a4ef982403a5613dd9d72ca9a4dd1cd6004fa7eb264791c2a47f0b7
Static task: static1
Behavioral task: behavioral1
  Sample: 040c97d88d85a6125f0d00bc5173f94a.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: 040c97d88d85a6125f0d00bc5173f94a.exe
  Resource: win10-en-20211104
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.sapphireclothing.com
Port: 587
Username: hr@sapphireclothing.com
Password: hrSap2018
Targets
Target: 040c97d88d85a6125f0d00bc5173f94a.exe
Size: 600KB
Score: 10/10
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext