General
Target: Sale_Contract.com.exe
Size: 834KB
Sample: 210121-d4qczq1dds
MD5: 82da026cdda027fa16a19d91794c5f9e
SHA1: 354c3df735d48efaba85680367a1bcb8af5e1c7d
SHA256: f8d16a2a7da4ed223329f2bb59f3e0296b6e3b36dee8f7e40a4c0d276a83032d
SHA512: d96994ca3f771a7e31ef7abfdb27526fd8a5c30e18255a2457831d70fdec9e9b4017c3e977de2a1c801112cd450eff7140642d45d527378e4bc6e6c1ba2ca9af
Static task: static1
Behavioral task: behavioral1
  Sample: Sale_Contract.com.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Sale_Contract.com.exe
  Resource: win10v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: smt.treat@yandex.com
Password: WyhjVTBX5hjrgu7
Targets
Target: Sale_Contract.com.exe
Size: 834KB
MD5: 82da026cdda027fa16a19d91794c5f9e
SHA1: 354c3df735d48efaba85680367a1bcb8af5e1c7d
SHA256: f8d16a2a7da4ed223329f2bb59f3e0296b6e3b36dee8f7e40a4c0d276a83032d
SHA512: d96994ca3f771a7e31ef7abfdb27526fd8a5c30e18255a2457831d70fdec9e9b4017c3e977de2a1c801112cd450eff7140642d45d527378e4bc6e6c1ba2ca9af
Score: 10/10
- Snake Keylogger Payload
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext