General
Target: b61637ba04ff710d17dafb8d211b30833ec0ea1f3bd45b6314b2677a94a4164b
Size: 524KB
Sample: 220623-sxm4rsdgdj
MD5: 4c16309ea000dd9b1eee89058ad3a9bc
SHA1: 03e7f71e4937a2f84e112dcc2f475d670feb0c1b
SHA256: b61637ba04ff710d17dafb8d211b30833ec0ea1f3bd45b6314b2677a94a4164b
SHA512: 7aed57114a2f185d037bbdf07a9c4ff0039f20b67536e90eab615b3a4a17803732579080204fa221dfcd2432541a809c2028e8d1169d6e9d6ac5dc2489b5892d
Static task: static1
Behavioral task: behavioral1
Sample: b61637ba04ff710d17dafb8d211b30833ec0ea1f3bd45b6314b2677a94a4164b.exe
Resource: win10-20220414-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: yugolog@gthltd.buzz
Password: 7213575aceACE@#$
Email To: yugo@gthltd.buzz
Telegram: https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Score: 10/10
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext