General
Target: 0d01b398c62a9309102e4ff06a8e41ca.exe
Size: 904KB
Sample: 221003-g92l5sbea2
MD5: 0d01b398c62a9309102e4ff06a8e41ca
SHA1: 9d5295874a6d5bce167fe43c02b79dde88100ad2
SHA256: 7a67b150e39e9a9e879083da6aba720773e8bd4b3a46729fff3a38554d27e05e
SHA512: 9b7713d68b73972138007987b5f5c3dfc2d95e8bc139d2b9b590d6e49c9ec6a7284f19c16d5ab6f9a236c88d0910ee4b63baa32906d2ede0cba80b803223edb0
SSDEEP: 12288:qBx6K4HTN4C+IXBUZBjf4UZjXPzyUwRLee3fPDzWa2tTGH+Z0OfxM:NBkBjRZrPOUo1vbsty2G
Static task: static1
Behavioral task: behavioral1
Sample: 0d01b398c62a9309102e4ff06a8e41ca.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 0d01b398c62a9309102e4ff06a8e41ca.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: smadar.joseph@almalasers-il.com
Password: doDHyw%0
Email To: smadar.joseph@almalasers-il.com
Targets
Target: 0d01b398c62a9309102e4ff06a8e41ca.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext