General
Target: 303a311868f65121392b851d610054b544181e14d697b1151ef0f490e3a8dbd0
Size: 564KB
Sample: 220705-c6lz3afbg4
MD5: e99a568ef082bfca5af20fbb88d61e02
SHA1: ccdfbafcd141e00bcaa748827142daabdd5729e5
SHA256: 303a311868f65121392b851d610054b544181e14d697b1151ef0f490e3a8dbd0
SHA512: f0081d4e744084dd09401e734955ba402ba0a9046274348978828ea4aa3be724c5dcca432590a7d2c3fa3654bbced6576812a2a5785dfc59ff7421943aa8934d
Static task: static1
Behavioral task: behavioral1
Sample: 303a311868f65121392b851d610054b544181e14d697b1151ef0f490e3a8dbd0.exe
Resource: win10-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: arinzelog@valete.buzz
Password: 7213575aceACE@#$
Email To: arinze@valete.buzz
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
Target: 303a311868f65121392b851d610054b544181e14d697b1151ef0f490e3a8dbd0
Score: 10/10
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext