General
Target: 6372134355763200.zip
Size: 356KB
Sample: 210615-2x8zylzvgn
MD5: 619c56192852e2e10e5ff0cb1c7b6157
SHA1: f23832f088e6fa67fc7e03ae29cf14a4e981124d
SHA256: 71297f4b8b220b73eec6251732ae92ace5190d53c027be9bbdf0705b90511235
SHA512: 6fcc5df64b40ff1f5dca4b23ff2a99b6daa56da6e9d761b6fcb3aa3262a7156393ffaaf13ad3654e6dfb84aed499459fc770d798e71993f52410e7add6334c0e
Static task: static1
Behavioral task: behavioral1
Sample: IMG_077010168.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: IMG_077010168.exe
Resource: win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: duiy.club
Port: 587
Username: bottle@nobetone.xyz
Password: B]iRB~567{1
Targets
Target: IMG_077010168.exe
Size: 383KB
MD5: 7312858cf98a41917a7de7975e11322e
SHA1: 9e89b172cf54ae347df7220ff3d08116b48487c1
SHA256: 7ee7904969171bddb151071e7b02b14f7f9a560e25ba461c360a3f6b41016df0
SHA512: 9dba707097980849c7f706b842c34eb7b38c70d6af62d61ab691f96b9f33645dc651c39b9d6d58786f71cb5279e2b45596d1b7fd7aa4fc0a941efd7e5e382b5f
Score: 10/10
Snake Keylogger Payload
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext