General
Target: 292c106dcd8451a468b2055bf447d2fadfc3a1d800994ed8f69df657fe314f6d
Size: 1.0MB
Sample: 220705-n8evbaagg8
MD5: 915ee53a8de4c4acec9cd19e43e91779
SHA1: 8c31497e0fb8ee718144c256575874eea2f630b5
SHA256: 292c106dcd8451a468b2055bf447d2fadfc3a1d800994ed8f69df657fe314f6d
SHA512: c137bd387277050884e1cfa9cfa03844fd148d7129393632b7d26b68c8daace6a5d0db7e7dabb53088a8f44e7bb3cba2491496477d66c464401dc783abb8a1d4
Static task: static1
Behavioral task: behavioral1
Sample: 292c106dcd8451a468b2055bf447d2fadfc3a1d800994ed8f69df657fe314f6d.exe
Resource: win10-20220414-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: wealthlog@saonline.xyz
Password: 7213575aceACE@#$
Email To: wealth@saonline.xyz
Telegram: https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
Target: 292c106dcd8451a468b2055bf447d2fadfc3a1d800994ed8f69df657fe314f6d
Score: 10/10
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext