General
-
Target
abf58920ed73ef807269982b4e62fa9a.exe
-
Size
1.4MB
-
Sample
231101-ta2t3sbh68
-
MD5
abf58920ed73ef807269982b4e62fa9a
-
SHA1
03e66fb10269f7ba6fe0bc8200ba5685f224ac7c
-
SHA256
1a43ce284eeb6c62750e67cfd710109ea3461e0fdb4e3ef6df64b159e78f8fd2
-
SHA512
c67e36cd7934a0bd4c4b14909f66d8b1349a21f1286ccc719ecbe14e4cdaaad0874e9c4bd9b8799806c1a26b4ad40fd0c9249c880b0aad015be184a3dda97411
-
SSDEEP
24576:qrEb2grO4+yKPoJHZ6gLl2FNY0wxOSkMoXwwaP7d3BFMukWMG+gcXh6dvrBV1ge+:+Eb2FyKI5wNVwxJk7XvTG+g+h6dvrBVy
Static task
static1
Behavioral task
behavioral1
Sample
abf58920ed73ef807269982b4e62fa9a.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
abf58920ed73ef807269982b4e62fa9a.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
BkKMmzZ1
Targets
-
-
Target
abf58920ed73ef807269982b4e62fa9a.exe
-
Size
1.4MB
-
MD5
abf58920ed73ef807269982b4e62fa9a
-
SHA1
03e66fb10269f7ba6fe0bc8200ba5685f224ac7c
-
SHA256
1a43ce284eeb6c62750e67cfd710109ea3461e0fdb4e3ef6df64b159e78f8fd2
-
SHA512
c67e36cd7934a0bd4c4b14909f66d8b1349a21f1286ccc719ecbe14e4cdaaad0874e9c4bd9b8799806c1a26b4ad40fd0c9249c880b0aad015be184a3dda97411
-
SSDEEP
24576:qrEb2grO4+yKPoJHZ6gLl2FNY0wxOSkMoXwwaP7d3BFMukWMG+gcXh6dvrBV1ge+:+Eb2FyKI5wNVwxJk7XvTG+g+h6dvrBVy
Score10/10-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-