General
Target: Onaylama.exe
Size: 779KB
Sample: 230605-mkc55sgd9v
MD5: 58ed7b45f9a275e2f338d61771a64687
SHA1: 3067e14aac837237a0f119458e09ccb305b46cba
SHA256: 76f01e4cfcfc115b4c26f3cae977d3390a6d205ed9ac87c74d471b3dda4bd4a2
SHA512: 7cfe5457686869f73d81da56800cae400cef69667f8f17fb14df87fe8629cc30f1c6a347aa33a44fedff9515603088f31a3942dcba00ed37ea9fd75a9591d60c
SSDEEP: 24576:wMU6SHlWxMiQW/O4ue7ujejax6r+zFbJJyGvd:qJlYMiQWmS7QejShJLyGvd
Static task: static1
Behavioral task: behavioral1
  Sample: Onaylama.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Onaylama.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.mutuadebasto.pt
  Port: 587
  Username: fernando.basto@mutuadebasto.pt
  Password: mutua_Fernando123
Extracted (family: snakekeylogger)
  Protocol: smtp
  Host: mail.mutuadebasto.pt
  Port: 587
  Username: fernando.basto@mutuadebasto.pt
  Password: mutua_Fernando123
  Email To: jacga6381@gmail.com
Targets
Target: Onaylama.exe
Size: 779KB
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext