General
-
Target
MV GOLDEN SCHULTE.exe
-
Size
713KB
-
Sample
230610-l3x3laef34
-
MD5
a7d8b5319a545b81637c4c52e9a2a289
-
SHA1
c7cc54bb2647de0130d1484eba4e7bd09f083f75
-
SHA256
64cfb742accf0ccd0d20225f5c16688dda0aa93aa005157f02f0249bf3fe298e
-
SHA512
1a9bd6bf3ff368ad031dc95e7d3b6cb4af66f15608409013aca627220be66aaa75fba8fc177f232303dc909dbd7bc13c77fc9776f9a11c68c7cd857b09784bf9
-
SSDEEP
12288:Hd6L7PVMfuiLbhaDnLMzIL2q+RTdOL8SYBW+8RO+lIljhe4+PzAW0ANpy59:7OyqGUL8RBW+eyZhe4+8Y/y
Static task
static1
Behavioral task
behavioral1
Sample
MV GOLDEN SCHULTE.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
MV GOLDEN SCHULTE.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
argona.ro - Port:
26 - Username:
dan.grama@argona.ro - Password:
Argona12!@ - Email To:
trainee@valleycountysar.org
Targets
-
-
Target
MV GOLDEN SCHULTE.exe
-
Size
713KB
-
MD5
a7d8b5319a545b81637c4c52e9a2a289
-
SHA1
c7cc54bb2647de0130d1484eba4e7bd09f083f75
-
SHA256
64cfb742accf0ccd0d20225f5c16688dda0aa93aa005157f02f0249bf3fe298e
-
SHA512
1a9bd6bf3ff368ad031dc95e7d3b6cb4af66f15608409013aca627220be66aaa75fba8fc177f232303dc909dbd7bc13c77fc9776f9a11c68c7cd857b09784bf9
-
SSDEEP
12288:Hd6L7PVMfuiLbhaDnLMzIL2q+RTdOL8SYBW+8RO+lIljhe4+PzAW0ANpy59:7OyqGUL8RBW+eyZhe4+8Y/y
-
Snake Keylogger payload
-
StormKitty payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-