General
-
Target
PO031656.exe
-
Size
893KB
-
Sample
210622-cnzd6l8cvx
-
MD5
49107ecd2118e55b971088b19d1f05b2
-
SHA1
7978c25b86b47dba57daefe69f897338ed0d3694
-
SHA256
e89683ea60a246d6fc1744cafaacc17872fe348a3d655793d6513a1271151e60
-
SHA512
557aa31b3a37455005ade68b9cb000e3fcb75cbc369025be12475a40b4b7161e203ab21dcea3f9955ae3efae56d13f4caace24eaf4946dbc0ffec3c00975a85c
Static task
static1
Behavioral task
behavioral1
Sample
PO031656.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
PO031656.exe
Resource
win10v20210408
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: nicolas.sautter@chsauter-bc.com
Password: 111aaa
Targets
-
Target
PO031656.exe
-
Size
893KB
-
MD5
49107ecd2118e55b971088b19d1f05b2
-
SHA1
7978c25b86b47dba57daefe69f897338ed0d3694
-
SHA256
e89683ea60a246d6fc1744cafaacc17872fe348a3d655793d6513a1271151e60
-
SHA512
557aa31b3a37455005ade68b9cb000e3fcb75cbc369025be12475a40b4b7161e203ab21dcea3f9955ae3efae56d13f4caace24eaf4946dbc0ffec3c00975a85c
Score 10/10
Snake Keylogger Payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The lookup itself is made by plenty of benign software, so it is a supporting indicator, not a standalone detection; it is significant here because the same process then sends mail to the configured SMTP host.
-
Suspicious use of SetThreadContext
SetThreadContext called on another process's thread is the hallmark of process hollowing (RunPE): a loader starts a legitimate executable suspended, writes its payload into that process, points the main thread at the new entry point and resumes it. The report does not say which host process was used, only that the API call was observed.
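The extracted configuration and the network signatures above are enough to build a small triage helper. The following is an added example, not part of this report or of the sandbox's own tooling: it parses the flattened report text into IOCs (checking digest lengths so a truncated hash is rejected rather than stored), then runs two detections over constructed Sysmon-style network-connection records: outbound connections to the configured SMTP port from any image that is not a known mail client, and connections to common external-IP lookup hosts. The REPORT and EVENTS strings are constructed from the page's fields; the mail-client and IP-lookup host lists are assumptions, and the page does not say which lookup service this sample actually used.

```python
"""Parse a Triage-style sandbox report into IOCs and run two simple detections.

Added example, not part of this report or of the sandbox's tooling.
REPORT is constructed from the fields shown on the page; EVENTS are invented
Sysmon-style (Event ID 3) network-connection records for illustration.
"""
import re
from dataclasses import dataclass

REPORT = """\
Target
PO031656.exe
MD5
49107ecd2118e55b971088b19d1f05b2
SHA1
7978c25b86b47dba57daefe69f897338ed0d3694
SHA256
e89683ea60a246d6fc1744cafaacc17872fe348a3d655793d6513a1271151e60
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
nicolas.sautter@chsauter-bc.com - Password:
111aaa
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
CFG_KEYS = "Protocol|Host|Port|Username|Password"
# Values run up to the next key name (optionally preceded by " - "), so a
# hyphen inside a value such as the username does not terminate it.
CFG_RE = re.compile(rf"({CFG_KEYS}):\s*(.*?)\s*-?\s*(?=(?:{CFG_KEYS}):|\Z)", re.S)

# Assumed lists: expand for your environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me"}


@dataclass(frozen=True)
class Iocs:
    target: str
    hashes: dict
    family: str
    config: dict


def parse_report(text: str) -> Iocs:
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    target = lines[lines.index("Target") + 1]
    hashes = {}
    for i, line in enumerate(lines):
        if line in HASH_LEN:
            value = lines[i + 1].lower()
            # Reject truncated or non-hex digests instead of storing bad IOCs.
            if len(value) != HASH_LEN[line] or not re.fullmatch(r"[0-9a-f]+", value):
                raise ValueError(f"malformed {line}: {value}")
            hashes[line] = value
    start = lines.index("Extracted") + 1
    family = lines[start]
    # The extractor output is flattened as "Key: value - Key: value" across
    # several lines; join it and split on key names, not on '-'.
    flat = " ".join(lines[start + 1:])
    config = dict(CFG_RE.findall(flat))
    return Iocs(target, hashes, family, config)


# Constructed Sysmon-style records: the sample exfiltrating, a real mail
# client using the same provider, and the sample doing an IP lookup.
EVENTS = [
    {"Image": r"C:\Users\u\Downloads\PO031656.exe",
     "DestinationHostname": "mail.privateemail.com", "DestinationPort": 587},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "mail.privateemail.com", "DestinationPort": 587},
    {"Image": r"C:\Users\u\Downloads\PO031656.exe",
     "DestinationHostname": "checkip.dyndns.org", "DestinationPort": 80},
]


def detect(events, iocs: Iocs):
    """Return (rule, image, host) findings for the two network behaviours."""
    findings = []
    port = int(iocs.config["Port"])
    for e in events:
        image = e["Image"].rsplit("\\", 1)[-1].lower()
        # Keyloggers speak SMTP themselves; mail clients are the only
        # processes expected to open the submission port.
        if e["DestinationPort"] == port and image not in MAIL_CLIENTS:
            findings.append(("smtp_from_non_mail_client", image, e["DestinationHostname"]))
        if e["DestinationHostname"].lower() in IP_LOOKUP_HOSTS:
            findings.append(("external_ip_lookup", image, e["DestinationHostname"]))
    return findings


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print(iocs.family, iocs.config["Host"], iocs.config["Port"], iocs.config["Username"])
    for finding in detect(EVENTS, iocs):
        print(*finding)
```

Because mail.privateemail.com is a shared commercial mail provider, the hostname alone would flag every legitimate customer of that service; the process-based rule (submission port from a non-mail-client image) is what generalises. The username is only visible on the wire if the session's STARTTLS is intercepted, so it is more useful as a retrospective indicator in mail-provider or proxy logs than as a network signature.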