General
Target: Bank Details.exe
Size: 561KB
Sample: 210421-dar5jvwpz2
MD5: 1fa594a225db6660840cb2ab2f545e7c
SHA1: 38afb75a218166db0cf13c49ea7cc48cdcecea81
SHA256: 42369fde3cdabda5b102802a1071f0a46bb44ec3130a7a7012be3fcdea82c519
SHA512: ccdbd31e6afd9620c3b296cb65ae181dcf7d40126f037106b342e3246debde9907107c2afe9656f79eaba901dd0091efb7d216c0069e3fbe9ff2f5eed85eaf8c
Static task: static1
Behavioral task: behavioral1 (Sample: Bank Details.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: Bank Details.exe, Resource: win10v20210410)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: snakelogs@vivaldi.net
Password: chuksypayment1759
Targets
Target: Bank Details.exe
Size: 561KB
MD5: 1fa594a225db6660840cb2ab2f545e7c
SHA1: 38afb75a218166db0cf13c49ea7cc48cdcecea81
SHA256: 42369fde3cdabda5b102802a1071f0a46bb44ec3130a7a7012be3fcdea82c519
SHA512: ccdbd31e6afd9620c3b296cb65ae181dcf7d40126f037106b342e3246debde9907107c2afe9656f79eaba901dd0091efb7d216c0069e3fbe9ff2f5eed85eaf8c
Score: 10/10
Signatures:
Snake Keylogger Payload
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext