General
Target: Qr6TGA9mxOLh8uw.exe
Size: 861KB
Sample: 210422-zxn5n5n5tx
MD5: 75e3ac98d0f0de52a1b12331aee1beab
SHA1: b22e781f5ee36d425e482f55c34c2f7e97ce5b1f
SHA256: 76b6d7a1e7b29d60a460a07a4059b40cde01d0c04ae0c32a5149230f43833f4e
SHA512: 0fc09192caeb4f228333fcf3cad83ad9abce45985339f67b1d0dde0748cd0382a1ef8703e5713e84b6e856d94306a24dfac287cfe1ceed6aa18406305d904a53
Static task: static1
Behavioral task: behavioral1 (Sample: Qr6TGA9mxOLh8uw.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: Qr6TGA9mxOLh8uw.exe, Resource: win10v20210410)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.cleo2solutions.com.au
Port: 587
Username: accounts@cleo2solutions.com.au
Password: Enter@222
Targets
Target: Qr6TGA9mxOLh8uw.exe
Score: 10/10
Snake Keylogger Payload
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext