General
- Target: 17a7fadae74b86c509a54052f953e4da.bin
- Size: 517KB
- Sample: 240629-cr9sksyera
- MD5: 17a7fadae74b86c509a54052f953e4da
- SHA1: 5b0fdc187fdb5c0f66b81fc1aafca66965c8ce6b
- SHA256: a160642ccf07ca3f837ed3070d3790a5bf3eada0efd95a9d4403d23a96a0b6bd
- SHA512: e5e93c7f7e8cb6cb4350309acf59432dd2a8b07c4ce542ef5661d6cd776a73b2ac778caf271a1310f1af39ed11e472748d28b041516631bbab6dd02a54b7e249
- SSDEEP: 12288:Yh3yc6NUIiPzMe0KbVlYwaC0rJ00T/knMrpBhw6:YNyxiPfJKwaC0rq0jAMr/+6
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 1 Tera HD-250Qty.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: 1 Tera HD-250Qty.exe
  - Resource: win10v2004-20240611-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.cleo2solutions.com.au
- Port: 587
- Username: [email protected]
- Password: Enter@123
Targets
- Target: 1 Tera HD-250Qty.exe
- Size: 1.3MB
- MD5: 8f602b38b79c7c0d429531f91b563df8
- SHA1: cac3f98aa44c6a78e441e06e86e20d2ed1fcba14
- SHA256: 1a3ce7daf20ceb145a8b1045043e4368a6ac1b1ef13f71898faf5855be16948f
- SHA512: ce21dabe8dfd066b307a69174d2c2cfa8c13d4035176e13247c057ede89cb7bf8e88a71edc22fb651462d513bfcf0e83033fa4101cbaa581bccf6e1fb201380f
- SSDEEP: 12288:OfvNA7CasVXrfc6edGlc3r7O6x+GR6HZmlk4GcPy9h6JHIxfNj2lQXKp07:uRakf7lczxF2ZmltPi6JHIxF
Score: 10/10
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext