General
-
Target
SecuriteInfo.com.Trojan.Olock.1.24192.28775
-
Size
569KB
-
Sample
220702-kgfqraecdl
-
MD5
514832f08bebfe59febd0eb5a2f3bf07
-
SHA1
131c97d69dc50a94c2403d5369bf9d60dcf68d21
-
SHA256
a0bafce415317d58c1a59d6a176b23a07213e080dedd628611fdd423bf825096
-
SHA512
f6d51d089cdb4306c5338109c309cd5f7f1138e803fd8299d4cb02af28569cf166dd8f8c9293844aea0d2098010be42e7f870af43366deea7d3e63f5f56db64f
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Olock.1.24192.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.Olock.1.24192.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.livemail.co.uk
Port: 587
Username: webmaster@vanguardcomics.uk
Password: QAZqaz123@
Email To: dm5176476@gmail.com
Targets
Score
10/10
-
Snake Keylogger Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-