General

Target: 1f525a8d8195fc99382b8acce5fadbc3.exe
Size: 422KB
Sample: 220706-ta2t3sgfb9
MD5: 1f525a8d8195fc99382b8acce5fadbc3
SHA1: 8c6c1e22add0ac9581820b39740b6c9621bbb964
SHA256: 7163dd515cb2369c7b9ed2f235a06ac01f6623c6ea2f4d9647b5abada0dae6c1
SHA512: 256e1a8d56913465f5f82d832a033515718fdd7e905602e844ff5687a355182184db52b5cb3713cf6f4c868b3db85357f18c72409d83eece1ba7a3169fa27317

Static task: static1
Behavioral task: behavioral1
  Sample: 1f525a8d8195fc99382b8acce5fadbc3.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 1f525a8d8195fc99382b8acce5fadbc3.exe
  Resource: win10v2004-20220414-en
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.maruti-msm.com
Port: 26
Username: venkat.r@maruti-msm.com
Password: P@55wrd9090
Email To: venkat.r@maruti-msm.com

Snake Keylogger exfiltrates over SMTP. Here the authenticating account and the recipient are the same mailbox on mail.maruti-msm.com, reached on TCP port 26 rather than the usual 25, 465 or 587; the host, the mailbox and the port are each usable on their own as network indicators.
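The extracted SMTP configuration is the most actionable part of this report: every infected host authenticates to mail.maruti-msm.com on TCP/26 as venkat.r@maruti-msm.com and mails the logs to that same address. The following Python is an added example, not part of the sandbox report or of the Snake Keylogger tooling. It parses the config block above into the fields a hunt needs and runs them over a few constructed mail-flow log lines; the log layout (timestamp, source IP, destination host, destination port, MAIL FROM, RCPT TO) and the IP addresses are assumptions for illustration.

```python
"""Hunt for Snake Keylogger SMTP exfiltration using the extracted config.

Added example for this report; the log lines below are constructed and the
log layout (ts src dst_host dport mailfrom rcptto) is an assumption.
"""
from dataclasses import dataclass

# Config values exactly as extracted in the report's "Malware Config" section.
REPORT_CONFIG = """\
Protocol: smtp
Host: mail.maruti-msm.com
Port: 26
Username: venkat.r@maruti-msm.com
Password: P@55wrd9090
Email To: venkat.r@maruti-msm.com
"""

# Ports on which outbound SMTP is normally expected; 26 is not one of them.
STANDARD_SMTP_PORTS = {25, 465, 587}

# Constructed mail-flow log (assumed layout), one connection per line:
# ts src dst_host dport mailfrom rcptto   ("-" when no envelope was seen)
SAMPLE_LOG = """\
2022-07-06T10:01:02Z 10.0.5.21 smtp.partner.example 587 alice@corp.example bob@partner.example
2022-07-06T10:03:17Z 10.0.5.77 mail.maruti-msm.com 26 venkat.r@maruti-msm.com venkat.r@maruti-msm.com
2022-07-06T10:04:40Z 10.0.5.77 mail.maruti-msm.com 26 - -
2022-07-06T10:09:58Z 10.0.5.30 smtp.corp.example 465 carol@corp.example dave@corp.example
"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    host: str
    port: int
    username: str
    recipient: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the 'Key: value' block. The password is read but not kept:
    the hunt keys on the mailbox and the server, not on the secret."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if fields.get("protocol", "").lower() != "smtp":
        raise ValueError("only SMTP exfil configs are handled here")
    return SmtpExfilConfig(
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"].lower(),
        recipient=fields["email to"].lower(),
    )


def hunt(cfg: SmtpExfilConfig, log_text: str) -> list:
    """Return (src_ip, ts, reasons) for every connection matching the config.

    Three independent indicators are checked so that a hit survives partial
    visibility: the host alone (DNS/proxy logs), the envelope alone (mail
    gateway logs) and the unusual port alone (flow logs)."""
    hits = []
    for line in log_text.splitlines():
        ts, src, dst_host, dport, mailfrom, rcptto = line.split()
        reasons = []
        if dst_host.lower() == cfg.host:
            reasons.append("exfil host")
        if mailfrom.lower() == cfg.username or rcptto.lower() == cfg.recipient:
            reasons.append("exfil mailbox")
        if int(dport) == cfg.port and cfg.port not in STANDARD_SMTP_PORTS:
            reasons.append("non-standard smtp port")
        if reasons:
            hits.append((src, ts, reasons))
    return hits


if __name__ == "__main__":
    config = parse_config(REPORT_CONFIG)
    for src, ts, reasons in hunt(config, SAMPLE_LOG):
        print(f"{ts} {src}: {', '.join(reasons)}")
```

The second hit from 10.0.5.77 carries no envelope, which is what a flow or proxy log looks like once TLS hides the SMTP dialogue; the host and port indicators still fire, which is why the hunt does not rely on the mailbox alone.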
Targets

Target: 1f525a8d8195fc99382b8acce5fadbc3.exe
Size: 422KB
MD5, SHA1, SHA256, SHA512: as listed under General
- Snake Keylogger Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
  Both keys exist only on a guest with the vendor tools installed. A sample that finds them can exit before unpacking its payload, so an analysis VM that exposes them may yield an incomplete trace.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments; hypervisor vendor strings in the firmware tables give the VM away.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence that decides whether to run based on the victim's configured region.
- Accesses Microsoft Outlook profiles
  Consistent with Snake Keylogger's credential theft: Outlook profile data holds saved mail account settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, which is typically included in the exfiltrated report. Because the lookup precedes exfiltration, it is a useful early network indicator even when the SMTP traffic is not visible.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments; virtual disk identifiers name the hypervisor.
- Suspicious use of SetThreadContext
  Setting the context of a thread in another process is the hallmark of process hollowing (RunPE): the loader starts a host process suspended, overwrites its image with the payload and points the main thread at the new entry point. This is consistent with a loader injecting the Snake Keylogger payload into a hollowed process rather than running it in the dropper itself.
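The behavioural signatures above are keyed on a handful of registry paths plus one API call, which makes them easy to reproduce over a process trace of your own (for example a Sysmon or API-monitor export) when triaging a related sample. The Python below is an added example, not the sandbox vendor's rule logic. The registry paths it matches are the ones these checks are conventionally keyed on and are assumptions here, the trace it runs over is constructed, and the network-based "external IP lookup" signature is out of scope because it needs traffic rather than a process trace.

```python
"""Replay the report's behavioural signatures over a process trace.

Added example; not the sandbox vendor's rules. The registry paths below are
the ones these checks are conventionally keyed on (assumption), and the
trace is constructed.
"""
import re

# Strip the hive prefix in any of its common spellings so the patterns only
# need to know the path below the hive.
HIVE_PREFIX = re.compile(
    r"^(hkey_local_machine|hklm|hkey_current_user|hkcu|"
    r"\\registry\\machine|\\registry\\user\\[^\\]+)\\"
)

# (signature name as printed in the report, regex over the normalised path)
REGISTRY_SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry",
     r"^software\\oracle\\virtualbox guest additions"),
    ("Looks for VMWare Tools registry key",
     r"^software\\vmware, inc\.\\vmware tools"),
    ("Checks BIOS information in registry",
     r"^hardware\\description\\system\\(system|video)biosversion"),
    ("Checks computer location settings",
     r"^control panel\\international\\geo\\nation"),
    ("Accesses Microsoft Outlook profiles",
     r"^software\\microsoft\\office\\[\d.]+\\outlook\\profiles"
     r"|^software\\microsoft\\windows nt\\currentversion\\windows messaging subsystem\\profiles"),
    ("Maps connected drives based on registry",
     r"^system\\(currentcontrolset|controlset\d+)\\services\\disk\\enum"),
]

# Signatures whose only purpose is sandbox / VM detection.
ANTI_VM = {
    "Looks for VirtualBox Guest Additions in registry",
    "Looks for VMWare Tools registry key",
    "Checks BIOS information in registry",
    "Maps connected drives based on registry",
}

# Constructed trace: registry reads in mixed hive spellings, one unrelated
# read, and two SetThreadContext calls (one on the caller's own thread,
# which is benign, and one on another process, which is hollowing).
SAMPLE_TRACE = [
    {"kind": "reg", "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"kind": "reg", "path": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"kind": "reg", "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"kind": "reg", "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"kind": "reg", "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"kind": "reg", "path": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum"},
    {"kind": "reg", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"kind": "api", "name": "SetThreadContext", "pid": 1234, "target_pid": 1234},
    {"kind": "api", "name": "SetThreadContext", "pid": 1234, "target_pid": 4321},
]


def normalise(path: str) -> str:
    """Lower-case the path and drop the hive prefix."""
    return HIVE_PREFIX.sub("", path.lower())


def classify(trace: list) -> dict:
    """Map each report signature to the evidence that triggered it."""
    hits = {}
    for ev in trace:
        if ev["kind"] == "reg":
            norm = normalise(ev["path"])
            for name, pattern in REGISTRY_SIGNATURES:
                if re.search(pattern, norm):
                    hits.setdefault(name, []).append(ev["path"])
        elif ev["kind"] == "api" and ev["name"] == "SetThreadContext":
            # Rewriting a thread's context is only suspicious across a process
            # boundary; debuggers and runtimes do it to their own threads.
            if ev["target_pid"] != ev["pid"]:
                hits.setdefault("Suspicious use of SetThreadContext", []).append(
                    f"pid {ev['pid']} -> pid {ev['target_pid']}")
    return hits


def summarise(hits: dict) -> dict:
    """Collapse the signature hits into the questions an analyst asks first."""
    return {
        "anti_vm_checks": sum(1 for name in hits if name in ANTI_VM),
        "geofence": "Checks computer location settings" in hits,
        "credential_access": "Accesses Microsoft Outlook profiles" in hits,
        "process_injection": "Suspicious use of SetThreadContext" in hits,
    }


if __name__ == "__main__":
    found = classify(SAMPLE_TRACE)
    for name, evidence in found.items():
        print(f"{name}: {evidence}")
    print(summarise(found))
```

Four anti-VM checks before any payload activity is the pattern this report shows; if your own trace stops right after those reads and never reaches the Outlook or SetThreadContext events, the sample most likely detected the VM and exited, and the trace should be treated as incomplete rather than as a benign verdict.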