General
Target: f9071918c9eb5b87657031356d8610583e85fbf23a2b15179a81d9dba041ab8f
Size: 441KB
Sample: 240428-tp1wbsbg31
MD5: 154d032084995f2bbeea9d874f9c65e7
SHA1: 6e4ae2e2eafb2e7764f8de2f42abaa1c79a59546
SHA256: f9071918c9eb5b87657031356d8610583e85fbf23a2b15179a81d9dba041ab8f
SHA512: df068f08f025ad331042209b1e0c05d86a2999540334990d924964380e3316c76ffc9913ab396dec602157d7e659e77a24a4d146ac292461599b775bd5b675fd
SSDEEP: 12288:BiiUWfdah5Z7OIWd/ZsYIqLAOgN8bbAB/nkkEnv:BiitfdakuBDBMkC
Static task: static1
Behavioral task: behavioral1
  Sample: Shipment Particulars.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Shipment Particulars.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.yandex.com
Port: 587
Username: kingjacko@yandex.com
Password: chijiokejackson121
https://api.telegram.org/bot5206100572:AAFn3MxBuN0bjQhfY8y1ed9Iwi79LyIe75I/sendMessage?chat_id=2135869667
Targets
Target: Shipment Particulars.exe
Size: 1.1MB
MD5: a31e2e7b5009a5499d3a900c54cff18b
SHA1: 744e5d9c697d92ca0b47e1ac83dc1e448f5ac55a
SHA256: ae07170344ef7f113a32b575a40dbca7dfc7e770f3109df6e5b00e3686268652
SHA512: d62253eea81be81b1cb0e4497d51cc0eafc7497f07b1808412789490dbf01b985abd31074511cbf60b4fd2c7745a817e500b6a41feedff97493343bf900177f9
SSDEEP: 24576:0Ff87va09lK4kB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5dwd5:gOiKpAuserKvpAuJMi+sPV3GykDfMNVb
Score: 10/10
- Snake Keylogger payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext