General
Target: Payment Copy.exe
Size: 629KB
Sample: 221125-3w971sfh97
MD5: 92002937394958f5796bd2bd3afb7a6b
SHA1: 3d5101c8249bed253e4f9b6e560ea0fc656ceddc
SHA256: d3884bc7ac4cec7f711e22e58c7010ade8ea78c996e222d37fa3258228cb9d44
SHA512: 55b327819e453baa2d886682cf3f9f179b6356b6a1b5d89989c16c9f7fbc609de1fce8912f3aee21c169d2ac681c4b8ce296e44b5aae063756bed0a2fe168047
SSDEEP: 12288:ucrK6bkon+LzvJn4z5RMPVxUjSC2mZJbxpDF:FrK6Qo+XJn8WPjDC2
Static task: static1
Behavioral task: behavioral1
Sample: Payment Copy.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Payment Copy.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Da8@b!Gj!#zY4K
Email To: [email protected]
Targets
Target
Payment Copy.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext