General
-
Target
f3e57a4cf14c8fdcf105d76b3b76ec4366635799bf8267a370aa93f5aecb325e
-
Size
628KB
-
Sample
221125-b2hw6sce88
-
MD5
d0687c4af6b9504d0bfdd9892eeb0b44
-
SHA1
dc05c863b6146d66ce2287a174851cb657516032
-
SHA256
f3e57a4cf14c8fdcf105d76b3b76ec4366635799bf8267a370aa93f5aecb325e
-
SHA512
1da08e005d6739c01bcf7d182f8b5b3cb834cd7cf3cc5e8e149daf14a905d44e57a09db3f479f041d1f766e12c74470150b81e0bb011d16c1c1a019cdfe4c372
-
SSDEEP
12288:Ecm1fSPe94LeV6gGp7i31S+HQ0kzJZHGAA/tMcE4S9jSC2mZJbxpDF:f8fSPGkeGpmFEzJZHGASnC2
Static task
static1
Behavioral task
behavioral1
Sample
f3e57a4cf14c8fdcf105d76b3b76ec4366635799bf8267a370aa93f5aecb325e.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
f3e57a4cf14c8fdcf105d76b3b76ec4366635799bf8267a370aa93f5aecb325e
-
Size
628KB
-
MD5
d0687c4af6b9504d0bfdd9892eeb0b44
-
SHA1
dc05c863b6146d66ce2287a174851cb657516032
-
SHA256
f3e57a4cf14c8fdcf105d76b3b76ec4366635799bf8267a370aa93f5aecb325e
-
SHA512
1da08e005d6739c01bcf7d182f8b5b3cb834cd7cf3cc5e8e149daf14a905d44e57a09db3f479f041d1f766e12c74470150b81e0bb011d16c1c1a019cdfe4c372
-
SSDEEP
12288:Ecm1fSPe94LeV6gGp7i31S+HQ0kzJZHGAA/tMcE4S9jSC2mZJbxpDF:f8fSPGkeGpmFEzJZHGASnC2
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-