General
Target: INV-11423.exe
Size: 474KB
Sample: 220704-jd8rpahea2
MD5: 4e5ea0fc9708d927493464141a56e1b1
SHA1: d4a70dab3e55236ddb3e25ad1f26e92a85a6c407
SHA256: ce55bc768091b061f2d942263ef8c7aa9a6d6dd7eb0038afb79ea990588e5c42
SHA512: 9a32fd3338fa3243dddbccd55af2159d942f3bd290395d2b23530748dc725c02cee3c7380f6cb12d6594119413f446d0db0942c0d56bf31d4dadaf7d95829aa9
Static task: static1
Behavioral task: behavioral1
Sample: INV-11423.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: INV-11423.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.stilltech.ro
Port: 587
Username: office@stilltech.ro
Password: eurobit555ro
Email To: geekgeeky04@gmail.com
Targets
Target
INV-11423.exe
Score: 10/10
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext