General

Target: PO2491039385.js
Size: 536KB
Sample: 211214-s3715aghgp
MD5: e09294b9ca51300793673da85e23fa34
SHA1: 46715b9d35152983bd452eb6bf65c588b36a7ab1
SHA256: 915ed58984f946bee7b46fd8d6a4cc81e4d7edbd6f2c52a7d0f0f0945140d23b
SHA512: 9d5c7dcb626c7cdb9ab7bab3d73d144b8494aac1561b2b83237007486f03404bb73e539b6847fa1ec12a04e8c5448eaaa346c4d3137b2614416a95337ca081b4
Static task: static1

Behavioral task: behavioral1
Sample: PO2491039385.js
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: PO2491039385.js
Resource: win10-en-20211208
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: info@munchy.cc
Password: success21

Extracted: vjw0rm
http://myroyailrubin2019.duia.ro:7974
Targets

Target: PO2491039385.js
Size: 536KB
MD5: e09294b9ca51300793673da85e23fa34
SHA1: 46715b9d35152983bd452eb6bf65c588b36a7ab1
SHA256: 915ed58984f946bee7b46fd8d6a4cc81e4d7edbd6f2c52a7d0f0f0945140d23b
SHA512: 9d5c7dcb626c7cdb9ab7bab3d73d144b8494aac1561b2b83237007486f03404bb73e539b6847fa1ec12a04e8c5448eaaa346c4d3137b2614416a95337ca081b4

- Snake Keylogger Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.