General
Target: tmp
Size: 433KB
Sample: 220702-qekvkshbh2
MD5: a359ed6ff4218c76aedfbc4e7bf21f8e
SHA1: 348741f5e4239294319343588bb782f253ab654d
SHA256: a5f3c49331caf70461e36db7db7dc0d6ebeb8dcfc06a5d5a747681fb75ae9a50
SHA512: 4fbc20666bd5202a50ee04efed6afaddfb5c93d39d65b26d51987fd84b745102718f674252e7477301d637db2ffaefcfc920b0420cad9aaebb3ce080247f4730
Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: tmp.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: wealthlog@saonline.xyz
Password: 7213575aceACE@#$
Email To: wealth@saonline.xyz
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
Target: tmp
Size: 433KB
Score: 10/10
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext