General
Target: SecuriteInfo.com.Trojan.PackedNET.507.9142.2207
Size: 751KB
Sample: 210122-b8r7xkaz9a
MD5: c7b57a6ecc4533c754e1c04789e242d0
SHA1: c252dbd1653bbfc5bb2941b8965c9daf41e066f6
SHA256: 8b720e30117cfb204a068bfea7b482d1dfef2966fa32ecc2cabc3fe488674258
SHA512: 95c3fff30f403addb4bbd74e86349303d14fa7ffe78c0e511145ac56b7b498842c774ff0e3d8636f3cee9dfb8b7cf4c80ebbce991e2d572afecf3bf593afcac8
Static task
static1

Behavioral task
behavioral1
Sample: SecuriteInfo.com.Trojan.PackedNET.507.9142.2207.exe
Resource: win7v20201028

Behavioral task
behavioral2
Sample: SecuriteInfo.com.Trojan.PackedNET.507.9142.2207.exe
Resource: win10v20201028
Malware Config
Extracted
Protocol: smtp
Host: mail.tavmachine.com
Port: 587
Username: m.michy@tavmachine.com
Password: G{y7.W#Ni!-A
Targets
Target: SecuriteInfo.com.Trojan.PackedNET.507.9142.2207
Size: 751KB
MD5: c7b57a6ecc4533c754e1c04789e242d0
SHA1: c252dbd1653bbfc5bb2941b8965c9daf41e066f6
SHA256: 8b720e30117cfb204a068bfea7b482d1dfef2966fa32ecc2cabc3fe488674258
SHA512: 95c3fff30f403addb4bbd74e86349303d14fa7ffe78c0e511145ac56b7b498842c774ff0e3d8636f3cee9dfb8b7cf4c80ebbce991e2d572afecf3bf593afcac8
Score: 10/10
- Snake Keylogger Payload
- Drops startup file
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext