General

- Target: Payment Copy.rar
- Size: 460KB
- Sample: 221128-pdxx3scc64
- MD5: dd59091493c2bfd44f0042b56adf9740
- SHA1: 1b387c293c8a02a60730a6a51b8b086f923da5c9
- SHA256: 52bda8074bc54a356692d0c2effd140e9a7298852d11ac6a02ba4a3a3188583a
- SHA512: 997b7850e96f82fd8839dd7eb39e1441e6a2efea428154c2e51471b14f42867ddd88397dc55c584c1158c37361a34c75046c21b7ba758816fb0bdb4926d746f8
- SSDEEP: 12288:QRHo/hbeJR7f5umgROqXGVMwBU8GxGzUbQS+uqi:QRIYJlhubd2cwZX8
Static task

- static1

Behavioral task

- behavioral1
  - Sample: Payment Copy.exe
  - Resource: win7-20220812-en

Behavioral task

- behavioral2
  - Sample: Payment Copy.exe
  - Resource: win10v2004-20220812-en
Malware Config

Extracted: snakekeylogger

- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: Da8@b!Gj!#zY4K
- Email To: [email protected]
Targets

- Target: Payment Copy.exe
- Size: 629KB
- MD5: 92002937394958f5796bd2bd3afb7a6b
- SHA1: 3d5101c8249bed253e4f9b6e560ea0fc656ceddc
- SHA256: d3884bc7ac4cec7f711e22e58c7010ade8ea78c996e222d37fa3258228cb9d44
- SHA512: 55b327819e453baa2d886682cf3f9f179b6356b6a1b5d89989c16c9f7fbc609de1fce8912f3aee21c169d2ac681c4b8ce296e44b5aae063756bed0a2fe168047
- SSDEEP: 12288:ucrK6bkon+LzvJn4z5RMPVxUjSC2mZJbxpDF:FrK6Qo+XJn8WPjDC2

Score: 10/10

Signatures:

- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext