General
-
Target
3ca281f64c837dc8bbee64ae5936d802aeb5899d900efc3265e3a57b3bd2b3f1
-
Size
439KB
-
Sample
221125-wsdajsdh42
-
MD5
a238165c51a808dcc9104688cae91300
-
SHA1
b9dfd9abf3e2ed1b302fa56b5733989af5951642
-
SHA256
dbd498ba00f08d2a49da541c124f1d99dae6e4ba7214a87f748c2ead4b814b3b
-
SHA512
b0138c16a9ce8449afa410fc592ab0747f62cd4b9e042435272914be47499344d6caabb019c6ac6f3ac48c8ab72190fd546a9ae2d8f2ce3060d2e9ed58aebdea
-
SSDEEP
12288:V5c8Kr/JYLzWssoFCRwr1IXe8gIwtlK/qbYXmX:V5+YLOnOr1qPyYS
Static task
static1
Behavioral task
behavioral1
Sample
3ca281f64c837dc8bbee64ae5936d802aeb5899d900efc3265e3a57b3bd2b3f1.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
3ca281f64c837dc8bbee64ae5936d802aeb5899d900efc3265e3a57b3bd2b3f1.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
3ca281f64c837dc8bbee64ae5936d802aeb5899d900efc3265e3a57b3bd2b3f1
-
Size
597KB
-
MD5
3bdfb659d6251a7f901ba781d0a9462b
-
SHA1
b25c6a4dc617b2bdc04cdcc64cbb1cce8f4ca8f7
-
SHA256
3ca281f64c837dc8bbee64ae5936d802aeb5899d900efc3265e3a57b3bd2b3f1
-
SHA512
e33c49c7b07c5410f30b631f572ad46859cd0bc5a5327eeab0ece99ad6946adfe659946b009f34e3a62c9d12a291bf447f835071af73b766bc768124286c964e
-
SSDEEP
12288:krmIZxD7RP5CJQ/Pjass2FsREr10XecgIwnlK+sZPbLj:krmls6Ner12ycbL
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-