General
Target: FINAL P.O.exe
Size: 966KB
Sample: 220705-n7fefsghek
MD5: bdfd6865e18f98f1a5ebc107008d1e3e
SHA1: 49647ef78c892e460cb414a197a64d7ae692b74f
SHA256: c061fdbee9bcc8f7a144ebaa92026184cf60430b49b891539f42ec07f711acb6
SHA512: 920027f5d439a207e41b62ec841dc9057c31a76e7fb42651a742e2fbd6785b503fed435fb0045a3018ec754cd1960fee8ad537c36969d02f93d8bbc4e7c88bf4
Static task: static1
Behavioral task: behavioral1
  Sample: FINAL P.O.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: FINAL P.O.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: ofixgh@mail.ru
Password: HNo0YSKYdtVdxOiHgVfj
Email To: ofixgh@mail.ru
Targets
Target: FINAL P.O.exe
Size: 966KB
MD5: bdfd6865e18f98f1a5ebc107008d1e3e
SHA1: 49647ef78c892e460cb414a197a64d7ae692b74f
SHA256: c061fdbee9bcc8f7a144ebaa92026184cf60430b49b891539f42ec07f711acb6
SHA512: 920027f5d439a207e41b62ec841dc9057c31a76e7fb42651a742e2fbd6785b503fed435fb0045a3018ec754cd1960fee8ad537c36969d02f93d8bbc4e7c88bf4
Score: 10/10
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext