General
Target: Inquiry.exe
Size: 1.0MB
Sample: 220704-kfahcahhb8
MD5: acbe19bc72dd4c3352ef903c7a4d1808
SHA1: ae9882beed4d7a535aa7b7c03343669aca0f5286
SHA256: 11cc9b67323e0356700baf2912a772542687ecd29c2d32c3f20ec41d8ce6ae2a
SHA512: 705673d57330e481e100024b808f61a90d4dc01d793e5bfcb5f819319b6b6ecc79c9c73d3a6afc70feae73f46ccb0dfccee9f11e9b91af6c6bc1b0c6b3ac396b
Static task: static1
Behavioral task: behavioral1
Sample: Inquiry.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Inquiry.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: ofixgh@mail.ru
Password: HNo0YSKYdtVdxOiHgVfj
Email To: ofixgh@mail.ru
Targets
Target: Inquiry.exe
Score: 10/10
Snake Keylogger Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext