General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.22537.exe
-
Size
900KB
-
Sample
221003-e7874ahegk
-
MD5
96d1155766e94985bae9254b1519a08f
-
SHA1
20542794a283bb390e1f25e6150cd994a0b3a2a0
-
SHA256
006248ca6292f9ca72274fc84e5cea8fc72aa2df7079e849835c232bea1b1c47
-
SHA512
f5ab3b93729e7fc67e23a63006bec797f2a8d26fb9fae0a3c078ded809a16926d4226ced8ecc854eb988307beec635c63a439db24a29f3187b7af31fdd10f9af
-
SSDEEP
12288:f0fnBqhbu2e3h6FeBj2GwlRda0TmgnHzIVrURPSjSK4HTN:qMbjah6FeBjkvBzc8PS
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.22537.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.22537.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.hemegas.es - Port:
587 - Username:
[email protected] - Password:
@Bastilipo1 - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.22537.exe
-
Size
900KB
-
MD5
96d1155766e94985bae9254b1519a08f
-
SHA1
20542794a283bb390e1f25e6150cd994a0b3a2a0
-
SHA256
006248ca6292f9ca72274fc84e5cea8fc72aa2df7079e849835c232bea1b1c47
-
SHA512
f5ab3b93729e7fc67e23a63006bec797f2a8d26fb9fae0a3c078ded809a16926d4226ced8ecc854eb988307beec635c63a439db24a29f3187b7af31fdd10f9af
-
SSDEEP
12288:f0fnBqhbu2e3h6FeBj2GwlRda0TmgnHzIVrURPSjSK4HTN:qMbjah6FeBjkvBzc8PS
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-