General
Target: Order.009993337.exe
Size: 550KB
Sample: 211203-lr7snabac7
MD5: d2360fe15b37eb34a479aefa87fa48e3
SHA1: b812bb43a88e0f63558c646615c693347ebbbf7a
SHA256: 75f7a5b155426bf485770e395bac90894eee5f8d1742f774429d726f7a5156bc
SHA512: 669c9f76a06103ab59f1e2b4a8bccbc5005c1b82dd80279820ead3470c3cdd148081297e1b3e9c895584a52e5ff7f596735108b6272989e925c1a2fca725c9ab
Static task: static1
Behavioral task: behavioral1 (sample Order.009993337.exe, resource win7-en-20211104)
Behavioral task: behavioral2 (sample Order.009993337.exe, resource win10-en-20211104)
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.greentrading.com.pk
Port: 26
Username: [email protected]
Password: lovetoall
These are the SMTP account details the keylogger authenticates with to send its captures; the mail server is a legitimate domain's host and 26 is not a standard SMTP submission port, both of which are hunting signals on their own.
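The extracted configuration is the most actionable part of this report: it names the mail server, port and account the keylogger uses when it sends what it has captured. The following is an added hunting example, not code from the report or from the sandbox: it decodes the client side of SMTP sessions (AUTH LOGIN and AUTH PLAIN, both base64) and flags any session whose destination, port or credentials match the values above. The session records, their field names and their contents are constructed for the example; the username is used exactly as the page prints it, which is a redacted form, so substitute the real mailbox when you have it.

```python
import base64

# Values from the "Malware Config" section of this report.
EXFIL_HOST = "mail.greentrading.com.pk"
EXFIL_PORT = 26
EXFIL_USER = "[email protected]"   # printed redacted on the page; replace with the real mailbox
EXFIL_PASS = "lovetoall"

# Submission/relay ports you expect to see; anything else is worth a second look.
STANDARD_SMTP_PORTS = {25, 465, 587}


def _b64(token):
    """Decode one base64 token to text; return '' if it is not valid base64."""
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""


def decode_smtp_auth(client_lines):
    """Recover (username, password) from the client side of an SMTP session.

    Handles AUTH LOGIN (base64 username and password on the following lines,
    or the username inline after the command) and AUTH PLAIN (one base64
    blob of "\\0user\\0pass", inline or on the next line).
    Returns (None, None) when no AUTH exchange is present.
    """
    for i, line in enumerate(client_lines):
        parts = line.strip().split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        if mech == "LOGIN":
            if len(parts) > 2 and i + 1 < len(client_lines):
                return _b64(parts[2]), _b64(client_lines[i + 1])
            if i + 2 < len(client_lines):
                return _b64(client_lines[i + 1]), _b64(client_lines[i + 2])
        elif mech == "PLAIN":
            if len(parts) > 2:
                blob = parts[2]
            elif i + 1 < len(client_lines):
                blob = client_lines[i + 1]
            else:
                continue
            fields = _b64(blob).split("\0")
            if len(fields) == 3:  # authzid, authcid, password
                return fields[1], fields[2]
    return None, None


def flag_session(session):
    """Return sorted tags naming what in this session matches the config ([] if nothing).

    session is a dict with 'src', 'dst_host', 'dst_port' and 'client'
    (the client's command lines in order); this record shape is the example's own.
    """
    tags = set()
    host = session["dst_host"].lower().rstrip(".")
    port = int(session["dst_port"])
    if host == EXFIL_HOST:
        tags.add("host")
    if port == EXFIL_PORT:
        tags.add("port")
    elif port not in STANDARD_SMTP_PORTS:
        tags.add("nonstandard_port")
    user, password = decode_smtp_auth(session["client"])
    if user is not None and user.lower() == EXFIL_USER.lower():
        tags.add("user")
    if password is not None and password == EXFIL_PASS:
        tags.add("password")
    return sorted(tags)


def hunt(sessions):
    """Map source address -> tags for every session that matches on anything."""
    hits = {}
    for s in sessions:
        tags = flag_session(s)
        if tags:
            hits[s["src"]] = tags
    return hits


def _b64e(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample sessions (not real traffic), client side only, in the
# form a mail gateway log or a Zeek smtp.log export could be massaged into.
SAMPLE_SESSIONS = [
    {   # ordinary submission to the corporate relay: nothing matches
        "src": "10.0.0.15", "dst_host": "smtp.corp.example", "dst_port": 587,
        "client": ["EHLO ws15", "STARTTLS"],
    },
    {   # the exfil session this report's config predicts
        "src": "10.0.0.23", "dst_host": "mail.greentrading.com.pk", "dst_port": 26,
        "client": ["EHLO DESKTOP-23", "AUTH LOGIN", _b64e(EXFIL_USER), _b64e(EXFIL_PASS)],
    },
    {   # same password reused against another relay on another odd port
        "src": "10.0.0.42", "dst_host": "mail.other.example", "dst_port": 2525,
        "client": ["EHLO DESKTOP-42",
                   "AUTH PLAIN " + _b64e("\0other@mail.other.example\0" + EXFIL_PASS)],
    },
]

if __name__ == "__main__":
    for src, tags in hunt(SAMPLE_SESSIONS).items():
        print(src, ", ".join(tags))
```

Matching on the password alone is deliberate: the same mailbox and password often reappear in later builds pointed at a different relay, and a nonstandard port is worth a look even without a credential match. Plaintext AUTH is only visible before STARTTLS or on a gateway that terminates TLS, so on an encrypted session you are left with the host and port signals.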
Targets
Target: Order.009993337.exe (size and hashes as listed under General)
Score: 10/10
- Snake Keylogger payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles (where stored mail account credentials live)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP
- Suspicious use of SetThreadContext (a common step in process hollowing and thread hijacking)