General
-
Target
Document.exe
-
Size
573KB
-
Sample
220706-g52fksbfb2
-
MD5
fa655ab3e42d445235099a3f3f3ff365
-
SHA1
489c12bc962e703607456fb7c44be799ef3d9595
-
SHA256
8ae4f4878dff4e9af925165ac386f005efddaa49729482153f3ac945a83798c7
-
SHA512
1522b4f005ee8d638ad67ad8c041aec275199dbe97de9ad73e6660ed8e10b664fcaa41322d99a6a941fc97101e4b2b430b262683539c686a20fc71b737d2a4cb
Static task
static1
Behavioral task
behavioral1
Sample
Document.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Document.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.universaleagles-ye.com
Port: 587
Username: kahtan@universaleagles-ye.com
Password: UEss@@202122
Email To: powerofworkissure@gmail.com
Targets
-
-
Target
Document.exe
Score
10/10
-
Snake Keylogger Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-