General
Target: 7ae596e4adf76beb30ebb960dee5bf60
Size: 762KB
Sample: 240127-wjnd6ahbe8
MD5: 7ae596e4adf76beb30ebb960dee5bf60
SHA1: b401672a55519e7ae28d5f58f31e1267bb5300cf
SHA256: ca6331b3a8e19b15ccc097bb4a6648bfa94136134c2302b5e11525cf27f09a34
SHA512: 8373eb81697f239637ce2c981e559b53431f8b667b8e8ec8961dae25236139f5b8eef71f2a52f318da8cc3c05b7aa04cf63b6a8041ba69f8f067f9ed6274acd9
SSDEEP: 12288:0eoPU9rPU9SMDPtHZBwOsBgo0q4wMur3teV4Ea8b9VqEVzR1ybbDsqo5qlm6HR4l:0eoBwOsBgo0q4wMkA4cWs1ybb1o5PgGu
Static task: static1
Behavioral task: behavioral1
Sample: 7ae596e4adf76beb30ebb960dee5bf60.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 7ae596e4adf76beb30ebb960dee5bf60.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.bdkpoll.com
Port: 587
Username: [email protected]
Password: tU#)K+9jxLdZ
Targets
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext