General
-
Target
smes.exe
-
Size
1.1MB
-
Sample
230827-k2qfpagf22
-
MD5
2c9f626447ae964cea8cc43daf078e70
-
SHA1
e6f9fed713f822348c289ab37e1e559f6738865e
-
SHA256
1650fa7dfd5cc553776b130e27195d407ab18a356773e0c4b471102764ef25dd
-
SHA512
65ccfa2a7ad4167aa157ece29906411dc2a4dd45027520e89f1a29c3a4ef6315b404c8ecf3a54f7b7ab348635b813f0a96f762ba2633d4499f9a56eb53978449
-
SSDEEP
24576:Xu6J33O0c+JY5UZ+XC0kGso6Fa1BNv36j/5n8WY:xu0c++OCvkGs9Fa1eTBY
Static task
static1
Behavioral task
behavioral1
Sample
smes.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
smes.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
Protocol: smtp- Host:
bhavnatutor.com - Port:
587 - Username:
[email protected] - Password:
Onyeoba111
Targets
-
-
Target
smes.exe
-
Size
1.1MB
-
MD5
2c9f626447ae964cea8cc43daf078e70
-
SHA1
e6f9fed713f822348c289ab37e1e559f6738865e
-
SHA256
1650fa7dfd5cc553776b130e27195d407ab18a356773e0c4b471102764ef25dd
-
SHA512
65ccfa2a7ad4167aa157ece29906411dc2a4dd45027520e89f1a29c3a4ef6315b404c8ecf3a54f7b7ab348635b813f0a96f762ba2633d4499f9a56eb53978449
-
SSDEEP
24576:Xu6J33O0c+JY5UZ+XC0kGso6Fa1BNv36j/5n8WY:xu0c++OCvkGs9Fa1eTBY
-
Phoenix Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-