General
Target: accounts...exe
Size: 556KB
Sample: 211201-psxwmacadr
MD5: 089ce20083a06cdf98f86957a5e8a038
SHA1: 89a4ea2ed4f29fafa40fcfbc147250d3cf50ae65
SHA256: d3340130a8b237e60fb9f0556a261711cd437fde5fc9a1873a750ad4e7fbf057
SHA512: 61b40fd7860c8f7ff921f3106e03f83b7904fce2c57b30edaba53f902fc89ababf757059ce16635df56b96ead71039aba5e7aba51f11c14680fb0006ea5cf895
Static task: static1
Behavioral task: behavioral1
Sample: accounts...exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: accounts...exe
Resource: win10-en-20211104
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.greentrading.com.pk
Port: 26
Username: info@greentrading.com.pk
Password: lovetoall
Targets
Target: accounts...exe
Score: 10/10
Snake Keylogger Payload
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext