General
Target: 15f584b9057bb908c7db7bd68070b157.exe
Size: 471KB
Sample: 220706-ta2t3seebl
MD5: 15f584b9057bb908c7db7bd68070b157
SHA1: d0f87e7db1caf891713cb9aa47f02795620a6576
SHA256: 1bbe67e38e82cecfa2da8e8c5d1df93f37f92cd1d005a57169e9379d158df3bf
SHA512: a5384b4569334777fb08d862071d793ffe538560e8c631d229184ec95157156fdcd826110655f50704e363fbe365104c7f282e9f19c8b34545bcdd0ea9f8f61b
Static task: static1
Behavioral task: behavioral1
  Sample: 15f584b9057bb908c7db7bd68070b157.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 15f584b9057bb908c7db7bd68070b157.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: snakekeylogger
  Protocol: smtp
  Host: mail.stilltech.ro
  Port: 587
  Username: office@stilltech.ro
  Password: eurobit555ro
  Email To: princenewman1111@gmail.com
Targets
Target: 15f584b9057bb908c7db7bd68070b157.exe
Score: 10/10
- Snake Keylogger Payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext