General
-
Target
Po.0087654112.exe
-
Size
769KB
-
Sample
220704-ve652aadan
-
MD5
e16a257a2e79f06962e2946545b57967
-
SHA1
9bde3b985a877e21832497d48442012ea31471ff
-
SHA256
57880d7e6823f9f978c7bf24260a35e8e62eaca02ba5d07832257529e9707b3c
-
SHA512
8b1a20a4e82ff91b5ee8964189d21dad23836fa3c39d21b6036d84f1a620b7e5b2420e27604063a1a9d2fde74f55c86236f7ae1e233b9d3aa73963c163513a87
Static task
static1
Behavioral task
behavioral1
Sample
Po.0087654112.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Po.0087654112.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.gaoyang-county-ycm.com - Port:
26 - Username:
info@gaoyang-county-ycm.com - Password:
nb34m5bf - Email To:
info@gaoyang-county-ycm.com
Targets
-
-
Target
Po.0087654112.exe
-
Size
769KB
-
MD5
e16a257a2e79f06962e2946545b57967
-
SHA1
9bde3b985a877e21832497d48442012ea31471ff
-
SHA256
57880d7e6823f9f978c7bf24260a35e8e62eaca02ba5d07832257529e9707b3c
-
SHA512
8b1a20a4e82ff91b5ee8964189d21dad23836fa3c39d21b6036d84f1a620b7e5b2420e27604063a1a9d2fde74f55c86236f7ae1e233b9d3aa73963c163513a87
Score10/10-
Snake Keylogger Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-