General
-
Target
vbc(2).exe
-
Size
788KB
-
Sample
220930-qf3f1sdfb7
-
MD5
8ccc107097b21de8164ecb5905dcf027
-
SHA1
26437be0cd55e95a009799620b6e56e5ca441bf7
-
SHA256
4a0533ec0be699006a52b5bf38bd9e3398344d418539d55643abf915ebc478c1
-
SHA512
21f3bcfc5d119ba1a7a71bc431ec1654ba3a83a19b46ccf3884cdae5d3cb3c3f1618e62d43276a2d2d575d77b11638f7d2c7df2b6b8ee82f9629247def3ff639
-
SSDEEP
12288:MTPSle+W/paSCuAIXnSo8o7ZbMfb8vJETyUy79FrJzwzkV+XRH:+Ko//pNKIXS+x7eGUC9fM
Static task
static1
Behavioral task
behavioral1
Sample
vbc(2).exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
vbc(2).exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
LYSV$*b4 - Email To:
[email protected]
Targets
-
-
Target
vbc(2).exe
-
Size
788KB
-
MD5
8ccc107097b21de8164ecb5905dcf027
-
SHA1
26437be0cd55e95a009799620b6e56e5ca441bf7
-
SHA256
4a0533ec0be699006a52b5bf38bd9e3398344d418539d55643abf915ebc478c1
-
SHA512
21f3bcfc5d119ba1a7a71bc431ec1654ba3a83a19b46ccf3884cdae5d3cb3c3f1618e62d43276a2d2d575d77b11638f7d2c7df2b6b8ee82f9629247def3ff639
-
SSDEEP
12288:MTPSle+W/paSCuAIXnSo8o7ZbMfb8vJETyUy79FrJzwzkV+XRH:+Ko//pNKIXS+x7eGUC9fM
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-