General
-
Target
a569143fb486224eafbd810733838c53.exe
-
Size
988KB
-
Sample
210121-sz6ensrm8a
-
MD5
a569143fb486224eafbd810733838c53
-
SHA1
69cfb0ef26c1ee25590453cb5531e5fec347de04
-
SHA256
10e0e68a368fcfca75516ac7814e87a388ff5047964a0501a3cb75d9330b3eb8
-
SHA512
67f60a853a016d47ec8a58f46abcae6dd102304db907478d589d5388a7b684b8b4779d7dbe9cb0d2dc9ab48c4902f8d48d35dff31cc0405796d38ba084199b8e
Static task
static1
Behavioral task
behavioral1
Sample
a569143fb486224eafbd810733838c53.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
a569143fb486224eafbd810733838c53.exe
Resource
win10v20201028
Malware Config
Extracted
Protocol: smtp
Host: pro40.emailserver.vn
Port: 587
Username: vexa@itpc.gov.vn
Password: Vexa@2013
Targets
-
Target
a569143fb486224eafbd810733838c53.exe
-
Size
988KB
-
MD5
a569143fb486224eafbd810733838c53
-
SHA1
69cfb0ef26c1ee25590453cb5531e5fec347de04
-
SHA256
10e0e68a368fcfca75516ac7814e87a388ff5047964a0501a3cb75d9330b3eb8
-
SHA512
67f60a853a016d47ec8a58f46abcae6dd102304db907478d589d5388a7b684b8b4779d7dbe9cb0d2dc9ab48c4902f8d48d35dff31cc0405796d38ba084199b8e
Score: 10/10
-
Snake Keylogger Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-