General
-
Target
5b803b60fb6d61f80c283e0dcdda2f37.exe
-
Size
1.1MB
-
Sample
220923-g12ksadch6
-
MD5
5b803b60fb6d61f80c283e0dcdda2f37
-
SHA1
ecfae4e097beb22fca101a802bbe76fbcd051280
-
SHA256
af4b499ac5c3169e9d289117b03c60091cf11ffe549f034b4911801f15b8bc33
-
SHA512
cfbfa0254392613d916604e3cc366f9fc74d9e29ccdb145b93609eb16bd2b180eed1b72bb7a897ca525b005864357517f143e32baf0d7642607c5bb1c341b037
-
SSDEEP
24576:HlwTmsaTIrKdI1bht/NAf5SRHXbEGVxB9:HlwygrKdwhnjRLf
Static task
static1
Behavioral task
behavioral1
Sample
5b803b60fb6d61f80c283e0dcdda2f37.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5b803b60fb6d61f80c283e0dcdda2f37.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: arinzelog@steuler-kch.org
Password: 7213575aceACE@#$
Email To: arinze@steuler-kch.org
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
-
Target
5b803b60fb6d61f80c283e0dcdda2f37.exe
-
Size
1.1MB
-
MD5
5b803b60fb6d61f80c283e0dcdda2f37
-
SHA1
ecfae4e097beb22fca101a802bbe76fbcd051280
-
SHA256
af4b499ac5c3169e9d289117b03c60091cf11ffe549f034b4911801f15b8bc33
-
SHA512
cfbfa0254392613d916604e3cc366f9fc74d9e29ccdb145b93609eb16bd2b180eed1b72bb7a897ca525b005864357517f143e32baf0d7642607c5bb1c341b037
-
SSDEEP
24576:HlwTmsaTIrKdI1bht/NAf5SRHXbEGVxB9:HlwygrKdwhnjRLf
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-