General
Target: PO#31052021104221.lzh
Size: 344KB
Sample: 210531-he7ar465nx
MD5: 57deef2c72935a621dfd2bbca743879f
SHA1: 43637d76577fec8725e1ae16b0cc095dc17c91fe
SHA256: dc2a52a1f8ecfdb31bae650c9aacda445ab30fac797e7f201fbac85babcd927a
SHA512: db5911f5362d76577c42ccc9c695b42bedc771dd80b480dcaca961eb6c5bd0c0f3f41b41d5d3a59ba6b9afd8b8fad156d733aa2adb8a69ab88ad686af3007139
Static task: static1
Behavioral task: behavioral1
Sample: PO#31052021104221.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: PO#31052021104221.exe
Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: msonsgroup.in
Port: 587
Username: [email protected]
Password: speak2424@
Targets
Target: PO#31052021104221.exe
Size: 791KB
MD5: 02549a3475f0a396c95b093547be8448
SHA1: b786b4cf23754d88519ba070f6d255715374d00c
SHA256: 8c931f6459c6683ac41b0d1bf1600800404407cbd892bfe495cfaea1945feee9
SHA512: b7b9afb61f1bfda1e140a4c8ea9a2f36cc5f0272f40ddb6743578903b25aee2cee0002443a61a321dfe41b0d8b054ea120e93f70269ecea34a110db8bf5dd02a
Score: 10/10
Signatures:
Snake Keylogger Payload
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext