General
Target: d5ae7b5fb98b5a5bd05f5a2b604e50725259e010cb7bbabe044d1855085eed83
Size: 281KB
Sample: 220521-bj274afabn
MD5: 40e2329716e181c61254d120146830f8
SHA1: 9cd2c46cce4ee7fb9631f6e71b943df571ad8b71
SHA256: d5ae7b5fb98b5a5bd05f5a2b604e50725259e010cb7bbabe044d1855085eed83
SHA512: 09e5261c92a1923f3d95a54dc4ba546c8d776c4ee3532c8bb631b8ca454e89ef3240f2c70699523553c89093e298b6e474264e134fd0a26b2c9fa6c22cb4888d
Static task: static1
Behavioral task: behavioral1
Sample: SKM_004202005000.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SKM_004202005000.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: rDdlJ%h9
Targets
Target: SKM_004202005000.exe
Size: 538KB
MD5: 7b29ed387e5ee010639af0fad63d582b
SHA1: b68dfa3f4220665d4c0bb90480305d79948e838e
SHA256: 51d5ab8487876cbc9c82c7450affdab67de13f1ff8b126f82fefa4281698ad59
SHA512: d905c44ac09aaece6b72acf53897c273ecd36512f5ac5d054b4217bdd290aa4c4dee6262c4c85f9a1cd67abd7f0c102a4fdfec4deab0c99d813192cbca166b70
Score: 10/10
- 404 Keylogger Main Executable
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext