General
Target: gregzx.exe
Size: 699KB
Sample: 220522-f5bpgsfgf7
MD5: b5211b4f224d8b9e5b43a09a9d99840a
SHA1: 29ca332c5f512d8767251d2e707e36ae41476a56
SHA256: 0e1727e8db89ee82bc788703a6ea9304b3c8db4585abaa17be4d3f99ac6f7c93
SHA512: 1dafc1e88ef2e21fb33e30f01fc30d5aebc821d97a3719a2455b25d3720c1ea08346b95f99acf6b9752459607936cde44c415004af38f53ad4da49f3aa3084f8
Static task: static1
Behavioral task: behavioral1
  Sample: gregzx.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: gregzx.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: samsung-tv.buzz
Port: 587
Username: greglog@samsung-tv.buzz
Password: 7213575aceACE@#$
Email To: greg@samsung-tv.buzz
Targets
Target: gregzx.exe
Size: 699KB
Hashes (MD5, SHA1, SHA256, SHA512): as listed under General above
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext