General
Target: fcb23667b36b5125d4d0b9a63d7fb6574924e979d377ed02912dbf0780f6dd6f
Size: 1.2MB
Sample: 221003-bhrd7sbfal
MD5: 5594b8c9e87193bba39894ac1fe26e25
SHA1: 3c53fa09eb2c698ec938c6c78660716d481b1a34
SHA256: fcb23667b36b5125d4d0b9a63d7fb6574924e979d377ed02912dbf0780f6dd6f
SHA512: a9e2b098751fcd83bea4554b48c4abcf5ccea1b8c85a2d862bad22214d49d934a43ebde89ef7419f8e8e43e4b9b3ace9e0e5d576520f2613682116f2af828106
SSDEEP: 24576:hdUgKgRv/jx9EUXnNKJpfew8DQdaE3Ulf6kiTO:ggKgNV9EUXnQpfXjdGfv
Static task: static1
Behavioral task: behavioral1
Sample: fcb23667b36b5125d4d0b9a63d7fb6574924e979d377ed02912dbf0780f6dd6f.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: arinzelog@steuler-kch.org
Password: 7213575aceACE@#$
Email To: arinze@steuler-kch.org
Telegram: https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
The SMTP mailbox and the Telegram bot are the sample's two exfiltration channels; both credentials are hard-coded in the binary. Whether the mailbox is attacker-registered or a compromised account is not established by the report.
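The extracted configuration above is most useful once it is turned into matchable indicators. The script below is an added example and is not part of the sandbox report: only the indicator values come from the page; the log lines and their field layout are constructed for illustration. It splits the Telegram URL into bot id, token, method and chat id, builds an IOC list from the SMTP settings, and sweeps log lines for them, counting traffic to api.telegram.org only when this sample's bot id or chat id is also present, since the service itself is legitimate.

```python
"""Turn the Snake Keylogger config extracted above into IOCs and sweep logs for them.

Added example, not part of the sandbox report. Only the indicator values
come from the page; the log lines and their format are constructed.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Values as reported under "Malware Config" above.
SMTP_CONFIG = {
    "host": "cp5ua.hyperhost.ua",
    "port": 587,
    "username": "arinzelog@steuler-kch.org",
    "email_to": "arinze@steuler-kch.org",
}
TELEGRAM_URL = ("https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA"
                "/sendMessage?chat_id=5048077662")


@dataclass(frozen=True)
class Ioc:
    kind: str
    value: str
    note: str


def telegram_indicators(url):
    """Split a Telegram Bot API URL into bot id, full token, method and chat_id."""
    parts = urlsplit(url)
    m = re.fullmatch(r"/bot(?P<token>(?P<bot_id>\d+):[A-Za-z0-9_-]+)/(?P<method>\w+)", parts.path)
    if parts.hostname != "api.telegram.org" or not m:
        raise ValueError("not a Telegram Bot API URL")
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"bot_id": m["bot_id"], "token": m["token"], "method": m["method"], "chat_id": chat_id}


def build_iocs(smtp, telegram_url):
    tg = telegram_indicators(telegram_url)
    return [
        Ioc("domain", smtp["host"], "SMTP exfiltration host"),
        Ioc("smtp_port", str(smtp["port"]), "submission port used for exfiltration"),
        Ioc("email", smtp["username"], "SMTP auth user / sender"),
        Ioc("email", smtp["email_to"], "exfiltration recipient"),
        Ioc("telegram_api", "api.telegram.org", "legitimate service; context only"),
        Ioc("telegram_bot_id", tg["bot_id"], "numeric prefix of the hard-coded bot token"),
        Ioc("telegram_chat_id", tg["chat_id"], "operator chat that receives the logs"),
    ]


def ioc_pattern(ioc):
    """Compile a match pattern that avoids accidental substring hits."""
    v = re.escape(ioc.value)
    if ioc.kind == "smtp_port":
        return re.compile(rf"\bdport={v}\b")
    if ioc.kind == "telegram_bot_id":
        return re.compile(rf"/bot{v}:")
    return re.compile(rf"(?<![\w.-]){v}(?![\w-])")


def sweep(logs, iocs):
    """Return (line, matched IOC kinds) for each log line that carries an indicator.

    api.telegram.org alone is never a hit: the service is legitimate, so it only
    counts when this sample's bot id or chat id is also present on the line.
    """
    patterns = [(i, ioc_pattern(i)) for i in iocs]
    hits = []
    for line in logs:
        kinds = sorted({i.kind for i, p in patterns if p.search(line)})
        if kinds and kinds != ["telegram_api"]:
            hits.append((line, kinds))
    return hits


# Constructed sample log lines (hypothetical format), not from the report.
SAMPLE_LOGS = [
    "2022-10-03T08:12:01Z dns host=WS-17 query=cp5ua.hyperhost.ua type=A",
    "2022-10-03T08:12:02Z conn host=WS-17 dst=203.0.113.9 dport=587 proto=tcp",
    "2022-10-03T08:12:03Z smtp host=WS-17 auth_user=arinzelog@steuler-kch.org rcpt=arinze@steuler-kch.org",
    "2022-10-03T08:12:05Z proxy host=WS-17 url=" + TELEGRAM_URL,
    "2022-10-03T08:15:00Z proxy host=WS-20 url=https://api.telegram.org/bot111111111:AAxx/sendMessage?chat_id=42",
    "2022-10-03T08:16:00Z dns host=WS-21 query=example.org type=A",
]

IOCS = build_iocs(SMTP_CONFIG, TELEGRAM_URL)
HITS = sweep(SAMPLE_LOGS, IOCS)

if __name__ == "__main__":
    for line, kinds in HITS:
        print(kinds, line)
```

Four of the six constructed lines are reported: the DNS lookup of the SMTP host, the connection to port 587, the authenticated SMTP session, and the Telegram request carrying this sample's bot id and chat id. The unrelated Telegram bot on WS-20 is deliberately left out.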
Targets
Target: fcb23667b36b5125d4d0b9a63d7fb6574924e979d377ed02912dbf0780f6dd6f (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The lookup is benign traffic on its own and is a correlation point next to the exfiltration indicators in the extracted config, not something to block by itself.
- Suspicious use of SetThreadContext: calling SetThreadContext on a thread of another process is the step that redirects execution in process-hollowing (RunPE-style) injection. The report records only the API use; treat child processes spawned by the sample as candidates for a hollowed payload and dump them from memory rather than relying on the file on disk.
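The SetThreadContext signature above is a single API observation. The check below is an added example, not sandbox output, and does not assert how this particular sample uses the call: it walks a constructed, hypothetical API-call trace and raises an alert only when one process performs the full cross-process sequence that characterises hollowing (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread, all against the same child), so that self-targeted SetThreadContext calls from debuggers or exception handling do not fire.

```python
"""Sequence-based check for SetThreadContext-driven injection over an API trace.

Added example, not part of the sandbox report. The trace format
"<ts> pid=<n> api=<name> [target_pid=<n>] [flags=0x..]" and the lines in
TRACE are constructed for illustration.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit of CreateProcess*

LINE_RE = re.compile(
    r"(?P<ts>\S+) pid=(?P<pid>\d+) api=(?P<api>\w+)"
    r"(?: target_pid=(?P<target>\d+))?(?: flags=(?P<flags>0x[0-9a-fA-F]+))?"
)

# Stages of a hollowing-style injection, in the order they must appear
# between one caller and one target process.
STAGES = ("CreateProcessSuspended", "WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse(line):
    """Parse one trace line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    ev["target"] = int(ev["target"]) if ev["target"] else None
    ev["flags"] = int(ev["flags"], 16) if ev["flags"] else 0
    return ev


def stage_of(ev):
    """Map an API call to an injection stage; None for calls we do not track."""
    api = ev["api"]
    if api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW") and ev["flags"] & CREATE_SUSPENDED:
        return "CreateProcessSuspended"
    if api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
        return "WriteProcessMemory"
    if api in ("SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"):
        return "SetThreadContext"
    if api in ("ResumeThread", "NtResumeThread"):
        return "ResumeThread"
    return None


def detect_hollowing(lines):
    """Return one alert per (caller, target) pair that completes all STAGES in order."""
    progress = defaultdict(int)  # (caller, target) -> index of the next expected stage
    alerts = []
    for line in lines:
        ev = parse(line)
        if not ev or ev["target"] is None:
            continue
        stage = stage_of(ev)
        if stage is None:
            continue
        # A process setting the context of its own threads is common and benign here.
        if ev["pid"] == ev["target"]:
            continue
        key = (ev["pid"], ev["target"])
        if STAGES[progress[key]] == stage:
            progress[key] += 1
            if progress[key] == len(STAGES):
                alerts.append({"caller": ev["pid"], "target": ev["target"], "at": ev["ts"]})
                progress[key] = 0
    return alerts


# Constructed trace (hypothetical pids and timestamps), not from the report.
TRACE = [
    "08:12:00.100 pid=4100 api=CreateProcessW target_pid=4212 flags=0x4",
    "08:12:00.120 pid=4100 api=NtUnmapViewOfSection target_pid=4212",
    "08:12:00.130 pid=4100 api=VirtualAllocEx target_pid=4212",
    "08:12:00.140 pid=4100 api=WriteProcessMemory target_pid=4212",
    "08:12:00.150 pid=4100 api=WriteProcessMemory target_pid=4212",
    "08:12:00.160 pid=4100 api=SetThreadContext target_pid=4212",
    "08:12:00.170 pid=4100 api=ResumeThread target_pid=4212",
    "08:12:05.000 pid=900 api=SetThreadContext target_pid=900",  # self-targeted, ignored
    "08:12:06.000 pid=5000 api=CreateProcessW target_pid=5100 flags=0x0",  # not suspended
    "08:12:06.010 pid=5000 api=ResumeThread target_pid=5100",
]

if __name__ == "__main__":
    for alert in detect_hollowing(TRACE):
        print("possible hollowing:", alert)
```

Repeated WriteProcessMemory calls do not disturb the state machine, and a CreateProcess without CREATE_SUSPENDED never starts one, so the second process pair in the trace stays silent. In a real pipeline the same logic runs over a sandbox API log or an EDR event stream keyed on the same (caller, target) pair.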