General
Target: SecuriteInfo.com.Win32.PWSX-gen.7409.6325
Size: 892KB
Sample: 221129-e5yctaee37
MD5: 53419448f3747f2d4748764033bd3928
SHA1: b09dc87e713d166416d7eeed5881de734a8c2167
SHA256: 84c53b0151ffcb22f8c50057daf61f41f6eb39381f41ca4db908fb93170382db
SHA512: dcee8d2a4d3a9ab33073e71dd997fc5e9ee581bd6d5427395670452692cae6e33d8ed9f1d5a0043f0c7aa9f0a30e3d5505899f1c1a5809b9990fbea357fde0b8
SSDEEP: 24576:+Tb8JM6PoXJFdnm9fJPrzokrj7OCx/e8Cg7RUa5Z:7a7JFdnOjzokX1XRUyZ
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.7409.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.PWSX-gen.7409.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: qlRYaFn8
Email To: [email protected]
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.7409.6325
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext