General
- Target: 1cf412b9243052400edd50a81160672b.exe
- Size: 1.0MB
- Sample: 221001-h4x77sgfbr
- MD5: 1cf412b9243052400edd50a81160672b
- SHA1: bc0c5a1b8aa25b32b2e70eac6046d3c272757ac8
- SHA256: 880b378522192934f3385f82fb9405edfbc887713509d16cf9713d3ca95a41e1
- SHA512: 116dfc5e12c678eecd91e5c5600f62526037923cfeb2b1f642d87d4796299040572fb0b6d28e4892f11f2f7a9292ec37b98ba9092e5dc962df7d1c59cfedd3e0
- SSDEEP: 24576:bw/Y7Tpj64nDyEh5PQyw2+XhdxNV/E4w/W:s/qTtrDyWtrwZBs
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 1cf412b9243052400edd50a81160672b.exe
  - Resource: win7-20220901-en
Behavioral task
- behavioral2
  - Sample: 1cf412b9243052400edd50a81160672b.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
- Email To: [email protected]
- https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
- Target: 1cf412b9243052400edd50a81160672b.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext