General
Target: Payment_Swift_0096986854748574.r00
Size: 422KB
Sample: 210421-ejckns4wbx
MD5: 8303923a596fd9cbcc7ffe4caa2ea8c8
SHA1: f9a1abdf0b0df05b423a4534901dce5ca2b0a07c
SHA256: 17967badb8bb0e2240386e286f05c9c00bcd74a991f5230ea20b2db610d8cc07
SHA512: 974e515113c4bcf4c3c068fa3d89b56a421170daa3023c80089b2c96ba7ab149f2e1a2723950b4de4372241ced7a590083ad391a1ab37d950a8dbaef5b98c553
Static task: static1
Behavioral task: behavioral1
  Sample: Payment_Swift_0096986854748574.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Payment_Swift_0096986854748574.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
  Protocol: smtp
  Host: smtp.ancrissrl.xyz
  Port: 587
  Username: love@ancrissrl.xyz
  Password: YrwySfZ6
Targets
Target: Payment_Swift_0096986854748574.exe
Size: 528KB
MD5: 501154eaa3ca876fb7c705b9577d464e
SHA1: 932caa850e234a9e39edee31db8af6b20b1d1e7b
SHA256: c5f98919be8b9bf07f01a6d758e1707c060e091844ca4372ba2d2c1e6980e401
SHA512: fd3ba9352008ebb6a3880f918972bd3db952d6737c69421d8a55d16213846e707cf9a1b1d0e698601df8fa5a52c7e744135eb152913b526d9b43bdee1e7678c8
Score: 10/10
Signatures:
Snake Keylogger Payload
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext