General
Target: VBGV76.rar
Size: 132KB
Sample: 230510-h54flsgf6v
MD5: 22a6fafd31505d2cc61518859a8aa2fa
SHA1: b040d20e4df16ccbdeeb1536ab18a69f6e8ed2e7
SHA256: 70c336dd30227d3f33a38646f5e5944183586c3d69473b393d9ba31c1308f107
SHA512: 01541d7a8ea893b2270d10c33b6abf2a43b3dd566c28b6b6e60a57616c7efc2a875162c69ecb0281a7c1c6fd4d43b67da9a1fc627231452fa72e3b4c00e374cd
SSDEEP: 3072:pBfvI+M21Ll/9mgDtauZvQM294EF5l5HGyt214Fo0TEma6r/jsxowrz:pBfvgOF9haiQMNE55rM0Tha6LgLz
Static task: static1
Behavioral task: behavioral1
  Sample: VBGV76.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: VBGV76.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
  Protocol: smtp
  Host: mail.bulktz.com.ng
  Port: 587
  Username: [email protected]
  Password: u%i2}{;Ma.sv
  Email To: [email protected]
Extracted
  Protocol: smtp
  Host: mail.bulktz.com.ng
  Port: 587
  Username: [email protected]
  Password: u%i2}{;Ma.sv
Targets
Target: VBGV76.exe
Size: 153KB
MD5: 131918d781ea54849c1b303c9761cdda
SHA1: 08ccefda3873d5b6c37c463cf7405922f54a345c
SHA256: 769294c8432281947d6123baee322d195bd0a8a88c89fce1aca8762dc1ec3e73
SHA512: 31e2041ce40d1cf33cbaf61d043d11d1be82e0a28b3e043cf63bb950ffa6be6bef1b5e50eed41ac0f3459613f3e56fbf7a12a6fa227e04544571cca5272e55b0
SSDEEP: 3072:DlLM0l+Q/znsDUnAANPDB9h/WyERzj25q+kbj6LuT2CfUpvZInr3tSEvJrUkNWMN:Dl40X/L5NPDF6R+5q+kbjMu6CfUtZIrD
- Snake Keylogger payload
- StormKitty payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext