General
-
Target
Product Inquiry LPO 202209282773526726.exe
-
Size
825KB
-
Sample
221001-h4yhzagfcl
-
MD5
ec2ec6eabae002a60635b2aaf42b5839
-
SHA1
ff1af2aca3772713a60d862f78776bce6fb1270d
-
SHA256
fb5504af04ed02bd8d59e43667dd64b9478484105be4af4f573de5b32816e989
-
SHA512
82e888499144d35de654973659c92414d19a6f6b65ac33ad851d92465a4c4252360be0d33da1adc58f3790b6945c698fa15aed178c03f75690b320f62153b852
-
SSDEEP
12288:VEuK3xMftlRAMpXmRe38bw5H9B3fjqV+4wZ0Bh3DQHKs8WapkoTFnAHsEc2U+/6y:65xgtlRFlJ38MLwVwaD3DQJP
Static task
static1
Behavioral task
behavioral1
Sample
Product Inquiry LPO 202209282773526726.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Product Inquiry LPO 202209282773526726.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
xCj*aYU6 - Email To:
[email protected]
Targets
-
-
Target
Product Inquiry LPO 202209282773526726.exe
-
Size
825KB
-
MD5
ec2ec6eabae002a60635b2aaf42b5839
-
SHA1
ff1af2aca3772713a60d862f78776bce6fb1270d
-
SHA256
fb5504af04ed02bd8d59e43667dd64b9478484105be4af4f573de5b32816e989
-
SHA512
82e888499144d35de654973659c92414d19a6f6b65ac33ad851d92465a4c4252360be0d33da1adc58f3790b6945c698fa15aed178c03f75690b320f62153b852
-
SSDEEP
12288:VEuK3xMftlRAMpXmRe38bw5H9B3fjqV+4wZ0Bh3DQHKs8WapkoTFnAHsEc2U+/6y:65xgtlRFlJ38MLwVwaD3DQJP
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-