General
Target: Payment_Swift_0096986854748574.exe
Size: 528KB
Sample: 210421-3nrw8lnvqe
MD5: 501154eaa3ca876fb7c705b9577d464e
SHA1: 932caa850e234a9e39edee31db8af6b20b1d1e7b
SHA256: c5f98919be8b9bf07f01a6d758e1707c060e091844ca4372ba2d2c1e6980e401
SHA512: fd3ba9352008ebb6a3880f918972bd3db952d6737c69421d8a55d16213846e707cf9a1b1d0e698601df8fa5a52c7e744135eb152913b526d9b43bdee1e7678c8
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: Payment_Swift_0096986854748574.exe, resource: win7v20210408)
Behavioral task: behavioral2 (sample: Payment_Swift_0096986854748574.exe, resource: win10v20210410)
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: smtp.ancrissrl.xyz
Port: 587
Username: love@ancrissrl.xyz
Password: YrwySfZ6
This is the exfiltration channel: the keylogger authenticates to smtp.ancrissrl.xyz on port 587 with these credentials and mails captured data out. The host, account and port are directly actionable indicators for network blocking and mail-gateway monitoring.
Targets
Target: Payment_Swift_0096986854748574.exe
Size: 528KB
Hashes: as listed under General above
Score: 10/10

Signatures
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP (the report does not name the service).
- Suspicious use of SetThreadContext: setting another thread's context is a common step in process hollowing and similar injection, where a suspended process's thread is pointed at injected code before it is resumed.
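The report's hashes and extracted SMTP configuration are the indicators a defender would actually hunt with. The following is an added example, not part of the sandbox report: it turns those values into an indicator set and runs it over a few constructed file, DNS, connection and SMTP log records to show how the sample and its exfiltration channel would surface in telemetry. The log format (`type key=value ...`) and the log lines themselves are constructed for the example; the IP lookup service is not included because the report does not name it.

```python
"""IOC matching for the Snake Keylogger report above.

Added example (not the sandbox's own code): indicators are copied from the
report, the log format and log lines are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "501154eaa3ca876fb7c705b9577d464e",
    "sha1": "932caa850e234a9e39edee31db8af6b20b1d1e7b",
    "sha256": "c5f98919be8b9bf07f01a6d758e1707c060e091844ca4372ba2d2c1e6980e401",
}
SMTP_HOST = "smtp.ancrissrl.xyz"
SMTP_PORT = 587
SMTP_USER = "love@ancrissrl.xyz"
# Parent zone of the SMTP host; any name under it is treated as suspect.
EXFIL_ZONE = "ancrissrl.xyz"


@dataclass(frozen=True)
class Hit:
    line_no: int
    reason: str


_KV = re.compile(r"(\w+)=(\S+)")


def parse_record(line: str) -> Tuple[str, Dict[str, str]]:
    """Split a constructed 'type key=value key=value' record into (type, fields)."""
    kind, _, rest = line.strip().partition(" ")
    return kind, dict(_KV.findall(rest))


def match_record(kind: str, f: Dict[str, str]) -> Optional[str]:
    """Return a reason string if the record matches an indicator from the report."""
    if kind == "file":
        # Hash values in logs vary in case; compare lower-cased.
        for alg, value in SAMPLE_HASHES.items():
            if f.get(alg, "").lower() == value:
                return f"known Snake Keylogger sample ({alg} match)"
    elif kind == "dns":
        q = f.get("query", "").lower().rstrip(".")
        if q == EXFIL_ZONE or q.endswith("." + EXFIL_ZONE):
            return f"DNS lookup of exfiltration zone {EXFIL_ZONE}"
    elif kind == "conn":
        if f.get("dst", "").lower() == SMTP_HOST and f.get("dport") == str(SMTP_PORT):
            return f"connection to {SMTP_HOST}:{SMTP_PORT} (SMTP exfil channel)"
    elif kind == "smtp":
        if f.get("user", "").lower() == SMTP_USER:
            return f"SMTP AUTH as {SMTP_USER} (credential from extracted config)"
    return None


def scan(lines: List[str]) -> List[Hit]:
    """Run every record through the indicator rules and collect the hits."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        kind, fields = parse_record(line)
        reason = match_record(kind, fields)
        if reason:
            hits.append(Hit(n, reason))
    return hits


# Constructed telemetry, not from the sandbox run; one record per rule plus two benign ones.
SAMPLE_LOG = """\
file path=C:\\Users\\victim\\Downloads\\Payment_Swift_0096986854748574.exe sha256=C5F98919BE8B9BF07F01A6D758E1707C060E091844CA4372BA2D2C1E6980E401
dns query=www.example.com
dns query=smtp.ancrissrl.xyz
conn proto=tcp dst=smtp.ancrissrl.xyz dport=587
smtp host=smtp.ancrissrl.xyz user=love@ancrissrl.xyz
conn proto=tcp dst=mail.example.com dport=587
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.reason}")
```

The DNS rule matches the whole ancrissrl.xyz zone rather than only the literal SMTP host, since the report shows the operator controls that domain; the connection rule is deliberately tied to port 587 so ordinary traffic to other submission servers, like the last constructed line, is not flagged.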