General
Target: 37c89d3724f91814329d61e35ff28890
Size: 646KB
Sample: 231225-x5e6caaghj
MD5: 37c89d3724f91814329d61e35ff28890
SHA1: 7413a14f623d9cb5107b35a01d51fe3d3917efc5
SHA256: dcc5c6710896d51cc8f5aafbdbe0416e6dcd35fabfb5d3d33610d62ae1fc6545
SHA512: 8bf506853c91f8ed2c78cfa3af12ec6386f1040fb3e256857f9c16d33a20f7acd340da17ba095a3d459f5ec1c65d65e9642aea41639118f930d5216b0135d247
SSDEEP: 12288:xr3PU9XPU9quaSI+BRjGOsBgo0q4wM0JQIdeOrysQOMcvTTanf+yIjVjg:xrzjGOsBgo0q4wM0JQYrypOp62ySVj
Static task: static1

Behavioral task: behavioral1
Sample: 37c89d3724f91814329d61e35ff28890.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 37c89d3724f91814329d61e35ff28890.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.ekonaz.com
Port: 587
Username: [email protected]
Password: 251925
Targets
Target: 37c89d3724f91814329d61e35ff28890
Score: 10/10

CustAttr .NET packer
Detects CustAttr .NET packer in memory.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext