General
Target: CITIO345790388575842.lzh
Size: 576KB
Sample: 210621-jrq3z9hc9j
MD5: aa53f2a7b98618ae3e64266d1fdf8151
SHA1: 6303b68a6fcc85909148ffe3e10901e8a755a238
SHA256: 02676adf4579e854ab89b7429ca0a1c1772757078c8b2092b22838367582c257
SHA512: 4014138e3935f7b8a8f84e1efaa6fbb2a1764daf4d1358619ab239bf50c88968fd572b883fcc13f4c6d7e4d7050c436407307b8d1b23a92c91aefc955cdeab93
Static task: static1
Behavioral task: behavioral1
Sample: CITIO345790388575842.bat.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: CITIO345790388575842.bat.exe
Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: kinghybrid@myexodus1.com
Password: $ASmZLn8
Targets
Target: CITIO345790388575842.bat
Size: 1009KB
MD5: bcdae83fb97bd61e01b267d1ab28176b
SHA1: 3bf182ffa7e6998a2c45d363c98bc84439421f4e
SHA256: a8cb01559f80f2f6b8448554b985367a12670856dab7f61e248ab2e0973c65a1
SHA512: 6618f7dafe0224da754f325aabb0449e3c1f9e98ded6c9d0a6f6c01cfc18d31ac1273392c2ae8f0f4e5cda0c4403f207e1b70e8403591575cf525c825127f19e
Score: 10/10
Signatures:
Snake Keylogger Payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext