General
Target: 232d1eff4613190138b14fd8856151cf65daf4164e80c397a5effe0f3e96509f
Size: 709KB
Sample: 221001-dcxp5sgdaq
MD5: 9966c9c22e150bc6c7d7cd3a248099c0
SHA1: d85a8fc4babef43ab760e173654ef42f461f3c08
SHA256: 232d1eff4613190138b14fd8856151cf65daf4164e80c397a5effe0f3e96509f
SHA512: 5d3e69074eea921c48bec81d6aad3848298e57da5fe4a79a7367d193c33166c02d6d0ea89a04292429d2fd2dee938fc12ff21a18379be4bcfb6e032d074b738c
SSDEEP: 6144:PtzEWsw3TvajJRvq/fd5hwltNif5I8+XTXWH+u8bd/+xs5VVxNrK2CZutbO64QQH:aqN/QmmruhRip02jF47MxGw
Static task: static1
Behavioral task: behavioral1
Sample: 232d1eff4613190138b14fd8856151cf65daf4164e80c397a5effe0f3e96509f.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Email To: [email protected]
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
Target: 232d1eff4613190138b14fd8856151cf65daf4164e80c397a5effe0f3e96509f
Score: 10/10
Signatures:
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext