General
Target: Clientes BBVA Comprovativo de Transferência.exe
Size: 803KB
Sample: 230610-l44lrsef46
MD5: 332fafc0993507e11a2bf75bc8ca5ee2
SHA1: 97daf2b48b2b68ea60a0ab6be36317d05e09d4f6
SHA256: 2012a5289f3b66df67bcbebbffc391ea07eb0a96ebb6892dbfbd0e238c620f3d
SHA512: e9b530f5cd5520865e8b090669fa9f37338a357aa9ed97538b968b62cefa99395274e54abf8003310094ae60c37bbe105a1226dbe5b68d9fc00199418eeba547
SSDEEP: 12288:+AlbeUUtm7xdvo/MdyrhFgtDsuBHsSj5J4+saBG5oo84AszCs8wbzB/98irBNNo2:Rlb+tm9BqmycgiH75B4osoacvOl2Ry
Static task: static1
Behavioral task: behavioral1
  Sample: Clientes BBVA Comprovativo de Transferência.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Clientes BBVA Comprovativo de Transferência.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
  Protocol: smtp
  Host: mail.mutuadebasto.pt
  Port: 587
  Username: fernando.basto@mutuadebasto.pt
  Password: mutua_Fernando123
Extracted (snakekeylogger)
  Protocol: smtp
  Host: mail.mutuadebasto.pt
  Port: 587
  Username: fernando.basto@mutuadebasto.pt
  Password: mutua_Fernando123
  Email To: jacga6381@gmail.com
Targets
Target: Clientes BBVA Comprovativo de Transferência.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext