General
Target: bbeb164b901654bacd76fb01a56f272c.exe
Size: 581KB
Sample: 220704-wjkchacee4
MD5: bbeb164b901654bacd76fb01a56f272c
SHA1: d74f4a55462ef2aed2cca85222cb15706fa9879a
SHA256: 18ea892584b28a8f75ad61a8cef9fa24991822a3c85c1d35a9cab8b1752c762e
SHA512: 46241e81a1d38d73f995dca84abd5d6e63527b5b41812c771d4825df9fb87f09e055d2cbcaf09d61ca39803c26a2a4484a69000de0be71f4afe602c2514047a3
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: bbeb164b901654bacd76fb01a56f272c.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: bbeb164b901654bacd76fb01a56f272c.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: arinzelog@valete.buzz
Password: 7213575aceACE@#$
Email To: arinze@valete.buzz
Telegram Bot API URL: https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
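The configuration the sandbox extracted is what a responder actually hunts with: the SMTP exfiltration endpoint, the sender and recipient mailboxes, and the Telegram bot. The following is an added example, not part of this report and not code from the Snake Keylogger family itself: it parses the config block above exactly as printed into structured indicators and runs them over a handful of firewall and proxy log lines that are constructed here for illustration (the report contains no network logs). Field names such as smtp_endpoints and telegram_bots are this example's own choices.

```python
"""Turn the Snake Keylogger config extracted above into hunt indicators
and run them over a few constructed log lines (added example, not from
the sandbox report or the malware)."""
import re
from urllib.parse import parse_qs, urlparse

# Exfiltration config exactly as the sandbox extracted it from this sample.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: arinzelog@valete.buzz
Password: 7213575aceACE@#$
Email To: arinze@valete.buzz
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
"""

# Telegram Bot API paths look like /bot<numeric id>:<token>/<method>
TELEGRAM_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_config(text):
    """Split 'Key: value' lines into a dict; bare URLs go to a separate list."""
    fields, urls = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("http://", "https://")):
            urls.append(line)
        elif ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return {"fields": fields, "urls": urls}


def telegram_indicator(url):
    """Break a Telegram Bot API URL into the parts worth matching on.
    Returns None for URLs that are not Bot API calls."""
    parsed = urlparse(url)
    m = TELEGRAM_PATH.match(parsed.path)
    if parsed.hostname != "api.telegram.org" or not m:
        return None
    chat = parse_qs(parsed.query).get("chat_id", [None])[0]
    return {"bot_id": m["bot_id"], "token": m["token"],
            "method": m["method"], "chat_id": chat}


def build_iocs(cfg):
    """Derive indicators: SMTP exfil endpoint, mail accounts, Telegram bot(s)."""
    f = cfg["fields"]
    iocs = {"smtp_endpoints": [], "accounts": [], "telegram_bots": []}
    if f.get("protocol", "").lower() == "smtp" and "host" in f:
        iocs["smtp_endpoints"].append((f["host"], int(f.get("port", "25"))))
    for key in ("username", "email to"):
        if key in f:
            iocs["accounts"].append(f[key])
    for url in cfg["urls"]:
        tg = telegram_indicator(url)
        if tg:
            iocs["telegram_bots"].append(tg)
    return iocs


# Constructed firewall/proxy lines for illustration; not from the sandbox run.
SAMPLE_LOGS = [
    "fw conn src=10.0.0.15 dst=cp5ua.hyperhost.ua dport=587 proto=tcp",
    "proxy src=10.0.0.15 url=https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662",
    "proxy src=10.0.0.22 url=https://api.telegram.org/bot111111:unrelatedtoken/getMe",
    "fw conn src=10.0.0.9 dst=smtp.example.com dport=587 proto=tcp",
]


def match_logs(iocs, lines):
    """Return (line, reason) pairs for lines touching any indicator.
    Telegram matches key on the bot id rather than on api.telegram.org,
    so unrelated bot traffic (third sample line) is not flagged."""
    hits = []
    for line in lines:
        tokens = set(line.split())
        for host, port in iocs["smtp_endpoints"]:
            if f"dst={host}" in tokens and f"dport={port}" in tokens:
                hits.append((line, f"smtp exfil endpoint {host}:{port}"))
        for tg in iocs["telegram_bots"]:
            if f"/bot{tg['bot_id']}:" in line:
                hits.append((line, f"telegram bot {tg['bot_id']}"))
    return hits


if __name__ == "__main__":
    iocs = build_iocs(parse_config(EXTRACTED_CONFIG))
    for line, why in match_logs(iocs, SAMPLE_LOGS):
        print(f"{why:45s} {line}")
```

Two points worth carrying into a real hunt: the Telegram indicator is the bot id (and token), not the api.telegram.org domain, because blocking or alerting on the whole domain produces noise from legitimate bots; and the SMTP username is itself an indicator, since a mail-server or SMTP-proxy log showing an AUTH as arinzelog@valete.buzz from an internal host is a stronger signal than a bare connection to port 587.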
Targets
Target: bbeb164b901654bacd76fb01a56f272c.exe (581KB; same MD5/SHA1/SHA256/SHA512 as listed under General)
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP (the report does not name the service).
- Suspicious use of SetThreadContext (an API commonly used to redirect execution in a suspended process, as in process hollowing; the report does not state which process was targeted).