General
Target: 0949202022.exe
Size: 780KB
Sample: 220705-ljrrgahgd7
MD5: 8ec22e0e553295fa4014ad56b577f521
SHA1: fc1c91ccd6224fc3b11e1b9628e3954ca7a91934
SHA256: 68b354e2ae79d93e08d41a48c6a49a74c880f4baafa6309646b086d4af2abe4c
SHA512: 295422958ce14b383a08606a02c48bf86a1414c3242ea898bf1da410d9c61b02b95c84a60036ddb776820b98707f22b5cd685e4e30dbcfcd2e487a7d1a861d63
Static task: static1
Behavioral task: behavioral1
  Sample: 0949202022.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 0949202022.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.universaleagles-ye.com
Port: 587
Username: kahtan@universaleagles-ye.com
Password: UEss@@202122
Email To: powerofworkissure@gmail.com
Targets
Target: 0949202022.exe
Score: 10/10
Snake Keylogger Payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext