General
- Target: tmp
- Size: 587KB
- Sample: 230605-p2kyesgf73
- MD5: b63b26e3ea0823c70f5097f649010ce1
- SHA1: 15bd92b8a2376fa8f9919cae91bd720cfb4dbf0a
- SHA256: f70b14d626ed98e1d538e9968ea027c59698561694983366ae6cf1029c73e76e
- SHA512: ad61aaac88ff21d5bd9f4beeac1ee4816c552e1acb41dee64b6f800a57ad8fab98478ab840cc6857d50b91794e06cc6ecab4bf3ba1a5f3ad578d6687e66356a6
- SSDEEP: 12288:CItPplTY6RhKuHsgjGdkhpl3Ks9Wo6pOT8SZWkIOXm/oR:CIJTDEkjGdoBK6ZTNrIO2/oR
Static task
- static1
Behavioral task
- behavioral1: Sample tmp.exe, Resource win7-20230220-en
Behavioral task
- behavioral2: Sample tmp.exe, Resource win10v2004-20230220-en
Malware Config
Extracted
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: arinzelog@saonline.xyz
- Password: 7213575aceACE@#$
Extracted (family: snakekeylogger)
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: arinzelog@saonline.xyz
- Password: 7213575aceACE@#$
- Email To: arinze@saonline.xyz
Targets
- Snake Keylogger payload
- StormKitty payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext