Overview

overview

10

Static

static

SKM_004202005000.exe

windows7_x64

10

SKM_004202005000.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d5ae7b5fb98b5a5bd05f5a2b604e50725259e010cb7bbabe044d1855085eed83

  • Size

    281KB

  • Sample

    220521-bj274afabn

  • MD5

    40e2329716e181c61254d120146830f8

  • SHA1

    9cd2c46cce4ee7fb9631f6e71b943df571ad8b71

  • SHA256

    d5ae7b5fb98b5a5bd05f5a2b604e50725259e010cb7bbabe044d1855085eed83

  • SHA512

    09e5261c92a1923f3d95a54dc4ba546c8d776c4ee3532c8bb631b8ca454e89ef3240f2c70699523553c89093e298b6e474264e134fd0a26b2c9fa6c22cb4888d

Score
10/10
404keyloggercollectionkeyloggerspywarestealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    rDdlJ%h9

Targets

    • Target

      SKM_004202005000.exe

    • Size

      538KB

    • MD5

      7b29ed387e5ee010639af0fad63d582b

    • SHA1

      b68dfa3f4220665d4c0bb90480305d79948e838e

    • SHA256

      51d5ab8487876cbc9c82c7450affdab67de13f1ff8b126f82fefa4281698ad59

    • SHA512

      d905c44ac09aaece6b72acf53897c273ecd36512f5ac5d054b4217bdd290aa4c4dee6262c4c85f9a1cd67abd7f0c102a4fdfec4deab0c99d813192cbca166b70

    Score
    10/10
    404keyloggercollectionkeyloggerspywarestealer

    • 404 Keylogger

      Information stealer and keylogger first seen in 2019.

      stealerkeylogger404keylogger

    • 404 Keylogger Main Executable

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks