General

Target: 324de7cb6ed22d631abe9919c03bb11af1c1929d2edb97c7cee4ecb43f9f7cb7
Size: 466KB
Sample: 220704-relmjsbga4
MD5: d12d3c1c3ee6ed20bf59e031f76a0a4d
SHA1: c32747e5a25cfbbb60bafd199ff6438824214011
SHA256: 324de7cb6ed22d631abe9919c03bb11af1c1929d2edb97c7cee4ecb43f9f7cb7
SHA512: 091ff22c0b73ae9f92b126264dccc8d95b4838b685001038f875ca65ff46f48cb1c1e378fb05ff92de41d70b8062b28b6f6b4c3c814ce48d1144bf323060fd88
Static task: static1

Behavioral task: behavioral1
  Sample: 324de7cb6ed22d631abe9919c03bb11af1c1929d2edb97c7cee4ecb43f9f7cb7.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: 324de7cb6ed22d631abe9919c03bb11af1c1929d2edb97c7cee4ecb43f9f7cb7.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted
  Protocol: smtp
  Host: mail.bhungar.com
  Port: 587
  Username: report@bhungar.com
  Password: AlXgB.Kl*GJA

Extracted (snakekeylogger)
  Protocol: smtp
  Host: mail.bhungar.com
  Port: 587
  Username: report@bhungar.com
  Password: AlXgB.Kl*GJA
  Email To: br1ghtman@yandex.com
Targets

Target: 324de7cb6ed22d631abe9919c03bb11af1c1929d2edb97c7cee4ecb43f9f7cb7
Size: 466KB
MD5: d12d3c1c3ee6ed20bf59e031f76a0a4d
SHA1: c32747e5a25cfbbb60bafd199ff6438824214011
SHA256: 324de7cb6ed22d631abe9919c03bb11af1c1929d2edb97c7cee4ecb43f9f7cb7
SHA512: 091ff22c0b73ae9f92b126264dccc8d95b4838b685001038f875ca65ff46f48cb1c1e378fb05ff92de41d70b8062b28b6f6b4c3c814ce48d1144bf323060fd88
Score: 10/10

Signatures
  Snake Keylogger Payload
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
  Accesses Microsoft Outlook profiles
  Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP address.
  Suspicious use of SetThreadContext