General
- Target: file.exe
- Size: 652KB
- Sample: 221124-t2hkhsfd64
- MD5: 2d7b3078116d6fb3da2f1ab51c8cf0e2
- SHA1: 8a6a461b4f37a9b2d32b1cbdbecd3579619bbba1
- SHA256: 8161e804d97adf2fbf82fffb3118ddeddb6e747eaa8322855cd461aaa3d5b0c1
- SHA512: 3e2683930d8220696350792d35002b9dc1e3dff1c7b92a527bc7eb1dd6cc2e59e14e20848a0eb6db4e86b22db046ff69a830085d89ae7e159470d9ed7b04ab68
- SSDEEP: 12288:bdgh/PsZ1DX/VDJ8eRlpr5VxA+nsWbaAQXwILHpCsK6bu:bdgh/PjspVVxpsWmXwiPC
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
snakekeylogger
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
- Email To: [email protected]
Targets
- Target: file.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext