General
Target
905f74fb158b50341e6dc710a60dad37.exe
Size
11KB
Sample
210928-gh17asaff3
MD5
905f74fb158b50341e6dc710a60dad37
SHA1
b54645bb347a4c76d73f2ff0e46aa4bd9b010ae0
SHA256
e2be9c91435869a3115459dccf4bd7f39c7da19e2b8ef43979b6a234c6c73335
SHA512
930d2133a759bbb634d9cb2860dbc7ce03215d68ea46d396d6eb1d6484c5a2104bec21a0d873e831f1f5f218e1fa44c1dbaef57fdf27fb8b66e57bea929abcf7
Static task
static1
Behavioral task
behavioral1
Sample
905f74fb158b50341e6dc710a60dad37.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
905f74fb158b50341e6dc710a60dad37.exe
Resource
win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: ftp
Host: ftp://ftp.servicoscisi.shop/
Port: 21
Username: snaky@servicoscisi.shop
Password: Light1988@
Targets
Target
905f74fb158b50341e6dc710a60dad37.exe
Score: 10/10
Downloads MZ/PE file
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext