General
-
Target
be8928c5_by_Libranalysis
-
Size
576KB
-
Sample
210511-34h1qqk23n
-
MD5
be8928c5a8b81bd3dc8c5c031bffb529
-
SHA1
f5a55492ca257306cb51b10169cf37bb6bee4caf
-
SHA256
b9b7c8c13a609e6a8ecdafaf039b5f7505f7fb72d444a41ff7705a8a249e4b4b
-
SHA512
c8b5c29602ea94d5b605bc57a7934f91b6be3711dfd865c06409abc88aaded09922cea5f7c7e940651e8b0d5918a8b76e6c249ab57da3d243a67f0cc377892f4
Static task
static1
Behavioral task
behavioral1
Sample
be8928c5_by_Libranalysis.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
be8928c5_by_Libranalysis.exe
Resource
win10v20210410
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.ionos.com
Port: 587
Username: office@airtechair.net
Password: Airtech2010@
Targets
-
-
Target
be8928c5_by_Libranalysis
-
Size
576KB
-
MD5
be8928c5a8b81bd3dc8c5c031bffb529
-
SHA1
f5a55492ca257306cb51b10169cf37bb6bee4caf
-
SHA256
b9b7c8c13a609e6a8ecdafaf039b5f7505f7fb72d444a41ff7705a8a249e4b4b
-
SHA512
c8b5c29602ea94d5b605bc57a7934f91b6be3711dfd865c06409abc88aaded09922cea5f7c7e940651e8b0d5918a8b76e6c249ab57da3d243a67f0cc377892f4
Score 10/10
-
Snake Keylogger Payload
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-