General
Target: Bank Details.rar
Size: 456KB
Sample: 210421-yavk7f5exn
MD5: 7a8c59a4794d9ec5a8b0256f5e339bd5
SHA1: acb3dd72143c7d9d404b689150bdbe6843c712b3
SHA256: 3e4dfe7c5416c432107685e308c803d888df1f5d78949a11c535ee926216c635
SHA512: b7cfd5ea643fb95fc144d1b85a6c3403e7500fc3122df5d82cd761803bc045cf98af0d6c583fa5335ae9d2e3b95c38e3c704f96d71e7359d8b1dcf870aaf2921
Static task: static1
Behavioral task: behavioral1
Sample: Bank Details.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Bank Details.exe
Resource: win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: snakelogs@vivaldi.net
Password: chuksypayment1759
Targets
Target: Bank Details.exe
Size: 561KB
MD5: 1fa594a225db6660840cb2ab2f545e7c
SHA1: 38afb75a218166db0cf13c49ea7cc48cdcecea81
SHA256: 42369fde3cdabda5b102802a1071f0a46bb44ec3130a7a7012be3fcdea82c519
SHA512: ccdbd31e6afd9620c3b296cb65ae181dcf7d40126f037106b342e3246debde9907107c2afe9656f79eaba901dd0091efb7d216c0069e3fbe9ff2f5eed85eaf8c
Score: 10/10
Snake Keylogger Payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext