General
-
Target
010c105d8e971d805cb70b90ce6e43b5e9878d6285c9123d7a407769e16b9e9d
-
Size
728KB
-
Sample
240422-bw5tradh7z
-
MD5
07fbaa2b5cfb421cbbb772648c9853f0
-
SHA1
4e7dc117a33317f9f57ade1171001c3f7e256a3d
-
SHA256
010c105d8e971d805cb70b90ce6e43b5e9878d6285c9123d7a407769e16b9e9d
-
SHA512
cb647491f956cf643659477276caa17ba55ef8cee5dfd8fd89f2d248a09f6c5300a131333aeecd919f6ef63fa9a577d9370cdfac55e5954d0480768136c0bebb
-
SSDEEP
12288:fCp3c2o/vndz/ju0+4WFN5RSmIdbWb9M1eL1PG1Zked:fQc2o/1zS0+15RSmIdbWb9ZPs
Static task
static1
Behavioral task
behavioral1
Sample
010c105d8e971d805cb70b90ce6e43b5e9878d6285c9123d7a407769e16b9e9d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
010c105d8e971d805cb70b90ce6e43b5e9878d6285c9123d7a407769e16b9e9d.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: pro40.emailserver.vn
Port: 587
Username: vexa@itpc.gov.vn
Password: Vexa@2013
Targets
-
Target
010c105d8e971d805cb70b90ce6e43b5e9878d6285c9123d7a407769e16b9e9d
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-