General

Target: PO # 6022000990.xlsx
Size: 225KB
Sample: 221003-fndgraghf6
MD5: 0e8124dc3c84e6b3d1dd6402c38d36a0
SHA1: b98ab3ba28586b38e87f658d6a0ea5089f9ebf28
SHA256: 0c922da2933a3d4e4707561d8cfd0252fbba9853e6a8703e19cb76340f5b78a1
SHA512: 193bfd7db132071af2bde49a931edb16bae3e5b1100663abaacd28c72f35d0647871d32c64a360c43b6ff5843f37eda6bae729021e73267117179cc72afe7508
SSDEEP: 6144:YKwyJY3dHu+QbR61DJBgH2woI3zL1c+k38T/mKgRx5:5w7dHut6+/oIji+xvgR7
Static task: static1
Behavioral task: behavioral1 (Sample: PO # 6022000990.xlsx; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: PO # 6022000990.xlsx; Resource: win10v2004-20220901-en)
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: smadar.joseph@almalasers-il.com
Password: doDHyw%0
Email To: smadar.joseph@almalasers-il.com

The recipient address is the same mailbox as the sending account, so captured keystrokes and credentials are delivered to the account the sample authenticates with; port 587 is the mail submission port, where STARTTLS is normally offered.
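The extracted SMTP configuration is enough to derive network detections for this sample. The following Python script is an added example, not part of the sandbox report or of the sample: it parses the config block exactly as printed above (copied inline), computes the base64 tokens an SMTP AUTH LOGIN client sends for the username and password, and emits two Suricata rules. The rule SIDs and message strings are assumptions chosen for illustration.

```python
"""Derive network detections from the Snake Keylogger SMTP config above.

Added example, not part of the sandbox report or the sample. The config text
is copied from the report's "Malware Config" section; rule SIDs and messages
are assumptions chosen for illustration.
"""
import base64
import re

# Copied from the report (one "Key: value" per line).
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: smadar.joseph@almalasers-il.com
Password: doDHyw%0
Email To: smadar.joseph@almalasers-il.com
"""


def parse_config(text):
    """Turn 'Key: value' lines into a dict with lowercase underscore keys."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$", line)
        if m:
            cfg[m.group(1).lower().replace(" ", "_")] = m.group(2)
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def auth_login_tokens(cfg):
    """Base64 strings an SMTP AUTH LOGIN client sends for the credentials.

    These are what appears on the wire (one per line, after the server's
    'VXNlcm5hbWU6' / 'UGFzc3dvcmQ6' prompts) if the client never upgrades
    the session with STARTTLS.
    """
    return {
        "username": base64.b64encode(cfg["username"].encode()).decode(),
        "password": base64.b64encode(cfg["password"].encode()).decode(),
    }


def suricata_rules(cfg, base_sid=9000001):
    """Two rules: DNS lookup of the exfil host, and the cleartext AUTH LOGIN username."""
    toks = auth_login_tokens(cfg)
    return [
        # Fires on the DNS query for the exfil host, which happens before any TLS.
        f'alert dns any any -> any any (msg:"Snake Keylogger SMTP exfil host lookup"; '
        f'dns.query; content:"{cfg["host"]}"; nocase; sid:{base_sid}; rev:1;)',
        # Fires only if the AUTH LOGIN exchange happens in cleartext (no STARTTLS).
        f'alert tcp any any -> any {cfg["port"]} (msg:"Snake Keylogger SMTP AUTH LOGIN username"; '
        f'flow:to_server,established; content:"{toks["username"]}"; sid:{base_sid + 1}; rev:1;)',
    ]


def build_iocs(text=EXTRACTED_CONFIG):
    """Full IOC bundle for this sample: parsed config, wire tokens, and rules."""
    cfg = parse_config(text)
    return {"config": cfg, "auth_login": auth_login_tokens(cfg), "rules": suricata_rules(cfg)}


if __name__ == "__main__":
    iocs = build_iocs()
    print(f'SMTP exfil: {iocs["config"]["host"]}:{iocs["config"]["port"]}')
    print("AUTH LOGIN tokens to search for in pcap:", iocs["auth_login"])
    for rule in iocs["rules"]:
        print(rule)
```

The DNS rule is the robust one: if the sample negotiates STARTTLS on 587, the AUTH LOGIN tokens never appear in cleartext and only the name resolution and the TCP connection to the host remain visible. Searching a capture for the base64 tokens is still worthwhile, since a client that skips STARTTLS hands over the full credential pair on the wire.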
Targets

Target: PO # 6022000990.xlsx (225KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext