General
Target: payment copy.rar
Size: 450KB
Sample: 221128-n2dnnsbe65
MD5: 4f319aa8ee62b7a55e412579369a9f5d
SHA1: 32f9e22024ec2df04dc15c6c4797c0dafab0ad05
SHA256: e1343230309f534e71d05bec01c79e23e701905012800ae2fd6ca1763ee7f994
SHA512: d37e963c015dfc7f7a9568cf0de61cfc72f80b1199605c860ecf2c2aa227a7023fa58d7b61c4ec45f533a64b8193e4135122790a08979b14b2ac116aeff25d09
SSDEEP: 6144:OXX0SRd8UuktnUbKn/qh9XkQmy6AriuwgZwAGRFb2ACIR/Z9ST9GX:OXX0SfB5KEyhaNy3x+AGRF1X9ST9GX
Static task: static1
Behavioral task: behavioral1
Sample: payment copy.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: payment copy.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: viicanto@kopamarine.xyz
Password: Da8@b!Gj!#zY4K
Email To: viicanto@kopamarine.xyz
Targets
Target: payment copy.exe
Size: 632KB
MD5: 9dc11bc9f45646da72f1fcd80ec3c8ef
SHA1: 6238eec6748e70e2685e8c2b58e9cbc7e41898ca
SHA256: 8ef5abf806b4399370b4c8a1ea4f0b87e995754b4594d751ba2648c55b71ad25
SHA512: efd10d089aead06fe4dd841716f5348e94ce26fbf3b084a9345de28b88a79cb903a7ae7372378ed6ce6bd530eae739814df1b0d009bc2f5448168fddf50a9946
SSDEEP: 12288:pM9Dgh/PsZ1DX/VDJUS79oddN1hluiiahnUv+tECuLWJ:0Dgh/P7SQdDJ/hUG2Vi
Score: 10/10

Snake Keylogger payload

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext