General
Target: RFQ-1170235.exe
Size: 1.1MB
Sample: 220704-ja8mhshdf7
MD5: e1f880798e6a76a155b405992ba3e8af
SHA1: 89a77441ecf5da27f1300462c121cd6de523b0db
SHA256: 173030de49f428f536de454614091698f5c9f0c34d08fc37b8ed6f89020d4bad
SHA512: 9f68e6fe865d9c80fef71350fa99242ebe1d9521cff2bad1bad4db8cf21f5e20a69e760ff8feff2c842c5adfd78aec2c31fa4fbcbc879e1c43c7c61e4fcad03d
Static task: static1
Behavioral task: behavioral1
Sample: RFQ-1170235.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: RFQ-1170235.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.ckjksb.com
Port: 587
Username: chah@ckjksb.com
Password: 123@ckjksb456
Email To: goldencargologistic@gmail.com
Targets
Target: RFQ-1170235.exe
Score: 10/10
Snake Keylogger Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext