General

Target: e3b63ffe0b93bb1358d1b450a15b6dfef903e4f9e544a0c3c2e8b16263664d3b
Size: 802KB
Sample: 221003-k5kplshcgr
MD5: 1cc7de121156906852885c8831679327
SHA1: 280adcde8a9d97b8f3df0dd72b7829b0c85db4c1
SHA256: e3b63ffe0b93bb1358d1b450a15b6dfef903e4f9e544a0c3c2e8b16263664d3b
SHA512: 40b4cdfec25875b09d1be9d8797587ae3cfa04d84c39ad3b19ed5c9ad5c3112b2527bbc115148a21ab3cfa96cfa3e0a6fbadaa26dc6cd58388d9f88c7fb1e0f9
SSDEEP: 12288:O0WHeQ23dI7+sK267a8ub9vYZ1aGGjVt5IXeJl+K4HTN:SHeQ4tGUa8K9AzhG35IXeJl
Static task: static1
Behavioral task: behavioral1
Sample: e3b63ffe0b93bb1358d1b450a15b6dfef903e4f9e544a0c3c2e8b16263664d3b.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted
Family: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: yugolog@gthltd.buzz
Password: 7213575aceACE@#$
Email To: yugo@gthltd.buzz
Telegram: https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
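The extracted config above gives two exfiltration channels: SMTP submission to cp5ua.hyperhost.ua on port 587 with the embedded mailbox credentials, and the Telegram Bot API (the bot id is the number after "bot", the secret follows the colon, and chat_id is the receiving account). The script below is an added example, not sandbox output or Snake Keylogger code: it parses the config text exactly as the report prints it into indicators and runs them over a handful of constructed proxy and firewall log lines. The log field layout (url=, dst=, dport=) and the second, unknown bot id are assumptions made for the demonstration. It also generalizes one step beyond this sample: any api.telegram.org/bot.../sendMessage request from an endpoint is flagged for review, since the Bot API is a common exfil channel across keylogger families, while a hit on this sample's bot id is reported as a known indicator.

```python
"""Turn the Snake Keylogger config from the sandbox report into hunt indicators.

Added example for this report; not sandbox output and not the malware's code.
CONFIG_TEXT is the extracted config as printed on the page. SAMPLE_LOGS is
constructed for the demonstration and its field layout is assumed.
"""
import re

# Config exactly as the sandbox printed it, one field per line (from the report).
CONFIG_TEXT = """Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: yugolog@gthltd.buzz
Password: 7213575aceACE@#$
Email To: yugo@gthltd.buzz
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662"""

# Telegram Bot API exfil URL: bot<id>:<secret>/sendMessage?chat_id=<chat>.
TELEGRAM_RE = re.compile(
    r"https://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)"
    r"/sendMessage\?chat_id=(?P<chat_id>-?\d+)"
)


def parse_snake_config(text):
    """Return a dict of indicators from the 'Key: value' lines plus the Telegram URL."""
    iocs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TELEGRAM_RE.search(line)
        if m:
            iocs["telegram_bot_id"] = m.group("bot_id")
            iocs["telegram_chat_id"] = m.group("chat_id")
            # The secret is a live credential; it is kept only for the exact-URL match.
            iocs["telegram_url"] = m.group(0)
            continue
        key, sep, value = line.partition(":")
        if sep:
            iocs[key.strip().lower().replace(" ", "_")] = value.strip()
    return iocs


def hunt(lines, iocs):
    """Return (line_number, reason) for every log line that matches an indicator.

    A sendMessage call to this sample's bot id is a known indicator; a call to
    any other bot id is still flagged for review (generalization, see lead-in).
    SMTP hits require both the exfil host and its port on the same line.
    """
    port_re = re.compile(r"\b%s\b" % re.escape(iocs["port"]))
    hits = []
    for n, line in enumerate(lines, 1):
        m = TELEGRAM_RE.search(line)
        if m:
            if m.group("bot_id") == iocs["telegram_bot_id"]:
                hits.append((n, "telegram: known Snake Keylogger bot %s" % m.group("bot_id")))
            else:
                hits.append((n, "telegram: unknown bot %s using sendMessage" % m.group("bot_id")))
            continue
        if iocs["host"] in line and port_re.search(line):
            hits.append((n, "smtp: exfil server %s:%s" % (iocs["host"], iocs["port"])))
    return hits


# Constructed log lines (assumed layout); the 1234567890 bot id is a placeholder.
SAMPLE_LOGS = [
    "2022-10-03T12:00:01Z ws-17 POST url=https://api.telegram.org/bot5321688653:"
    "AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662 status=200",
    "2022-10-03T12:00:02Z ws-17 GET url=https://www.example.com/ status=200",
    "2022-10-03T12:00:03Z fw src=10.0.0.17 dst=cp5ua.hyperhost.ua dport=587 proto=tcp action=allow",
    "2022-10-03T12:00:04Z ws-22 POST url=https://api.telegram.org/bot1234567890:"
    "AAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/sendMessage?chat_id=1111 status=200",
]

if __name__ == "__main__":
    indicators = parse_snake_config(CONFIG_TEXT)
    for number, reason in hunt(SAMPLE_LOGS, indicators):
        print("line %d: %s" % (number, reason))
```

On the constructed input this reports lines 1, 3 and 4 and leaves the example.com request alone. In a real hunt the username, recipient address and Telegram chat id from the parsed config are also worth searching across mail-server and proxy logs, since the same operator infrastructure tends to be reused across builds.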
Targets

Target: e3b63ffe0b93bb1358d1b450a15b6dfef903e4f9e544a0c3c2e8b16263664d3b (802KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Snake Keylogger payload
Accesses Microsoft Outlook profiles (where the client stores mail account credentials)
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext: this API redirects execution of a thread in another process and is a standard step in process hollowing and similar injection; the signature fires on the call itself, not on a confirmed injected payload.