General
-
Target
d6ba9d2d284986b4cd493ea1af306d3150c4467e121909eed7bdcfe3fee2f0fd
-
Size
1.0MB
-
Sample
220705-l74qyagaer
-
MD5
ee87c9588dc041d53d9df5d85744732c
-
SHA1
43dd861b08ce60fc1be3e3b1b2858471cd20968d
-
SHA256
d6ba9d2d284986b4cd493ea1af306d3150c4467e121909eed7bdcfe3fee2f0fd
-
SHA512
a6d8f445b99cac0077750d3fd91f82c0ffca7fb38844669e06ebfce03a9af4282597a738d562c5b46b17c4356f705739ccb6ca3973bc1a527853845d6279cdc4
Static task
static1
Behavioral task
behavioral1
Sample
d6ba9d2d284986b4cd493ea1af306d3150c4467e121909eed7bdcfe3fee2f0fd.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
arinzelog@valete.buzz - Password:
7213575aceACE@#$ - Email To:
arinze@valete.buzz
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
-
-
Target
d6ba9d2d284986b4cd493ea1af306d3150c4467e121909eed7bdcfe3fee2f0fd
-
Size
1.0MB
-
MD5
ee87c9588dc041d53d9df5d85744732c
-
SHA1
43dd861b08ce60fc1be3e3b1b2858471cd20968d
-
SHA256
d6ba9d2d284986b4cd493ea1af306d3150c4467e121909eed7bdcfe3fee2f0fd
-
SHA512
a6d8f445b99cac0077750d3fd91f82c0ffca7fb38844669e06ebfce03a9af4282597a738d562c5b46b17c4356f705739ccb6ca3973bc1a527853845d6279cdc4
Score10/10-
Snake Keylogger Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-