General
- Target: 2b65ca292f6824f517064afbfc4983a32f844122b3594eb1c835201ad52ee1ba
- Size: 942KB
- Sample: 210617-ghqb7abmya
- MD5: 70aa292c2fce4a269b058cead3dbc5be
- SHA1: 8828e715d1e9aae61e55f0a3299b29c148b8dd5b
- SHA256: 2b65ca292f6824f517064afbfc4983a32f844122b3594eb1c835201ad52ee1ba
- SHA512: e1532706c16a4fb8e6e8c6760ee4b0a90d3d9b5768f8ac33a07d4fe425bc9ffd1773d98fea04d77ed6ba7f8e48c837ab838319c0c1af4c5b8485a6576650e222
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2b65ca292f6824f517064afbfc4983a32f844122b3594eb1c835201ad52ee1ba.exe
  - Resource: win7v20210408
Behavioral task
- behavioral2
  - Sample: 2b65ca292f6824f517064afbfc4983a32f844122b3594eb1c835201ad52ee1ba.exe
  - Resource: win10v20210408
Malware Config
Extracted
- snakekeylogger
  - Protocol: smtp
  - Host: smtp.faret-cn.com
  - Port: 587
  - Username: darwin@faret-cn.com
  - Password: mzn}$Q5hv4A_
Targets
Score: 10/10
- Snake Keylogger Payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext