General
Target: SER09090899.exe
Size: 448KB
Sample: 210408-zs2l4kgjjj
MD5: 2ca8a09321f6b5c4d2900d002980bd82
SHA1: f007ecda24bba2ca1724f36de0a712142971452c
SHA256: c09cdaa239728ec1c27bea92afb1d033ae7b42ca07db9785ab115a7f1c23da12
SHA512: 15e7e28544528a41cb9474b9c604b3e7881f14e8e6d6d574172b318d9c883553a1cc4eb9f89db8eecf46875ff6d9d2b331372ace7ebe9d598d5c5357480aa739
Static task: static1
Behavioral task: behavioral1
Sample: SER09090899.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: SER09090899.exe
Resource: win10v20201028
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.ionos.com
Port: 587
Username: miguel.chiliguano@sismode.com
Password: Miguel1.2
Targets
Target: SER09090899.exe
Score: 10/10
- Snake Keylogger Payload
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext