General
Target: Masters Denomination.exe
Size: 467KB
Sample: 220705-qp3s5shfcl
MD5: 6709335556ae2a6fb194b90898255bb6
SHA1: b2cd06ea2351229724561ed13006bb73ab53846f
SHA256: 2f4ff9f1d7bfe43e4f4c8925a4e93d6702b09bf1946897f5d00e0f77fdd1ce99
SHA512: c3790280c6372cf22be330a46d7d17622d54c9fe2011ce0f2d12e78e892122235da68d9da9153605b873569d32b2d4b31144680ab761c5e74349c99f1d383562
Static task: static1
Behavioral task: behavioral1
Sample: Masters Denomination.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Masters Denomination.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.gaoyang-county-ycm.com
Port: 26
Username: info@gaoyang-county-ycm.com
Password: nb34m5bf
Email To: info@gaoyang-county-ycm.com
Targets
Target: Masters Denomination.exe
Score: 10/10
Snake Keylogger Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext