General
Target: tmp
Size: 762KB
Sample: 230206-wjxb3aad7t
MD5: 6df3de988d6ce61faf9dad16ccb863ad
SHA1: d47f3d30169e3d7301ffc738b15174c14647d600
SHA256: 7b59507d5b9f3c30fc095fabfc7e88ff59977767cc39477ca75f20577a750989
SHA512: ed7bbf23f3da57f8cd43b8ddfc1d251637021d3896ca626da071374cbac1387a3d1a99357c8bfe7a0991d97c613800b66076a2b23ad8b3e73c291600e3ee98b5
SSDEEP: 12288:Cpk7PACcXnyXx6q12ixyiWMkuAG8LzDZH5CbC8gZ46ahRZ5G:5AC1NQiAuv8LvCO8g+6S5G
Static task: static1
Behavioral task: behavioral1 (Sample: tmp.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: tmp.exe, Resource: win10v2004-20221111-en)
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: 001@frem-tr.com
Password: ^!uJBr^9 daniel
This SMTP account is the sample's exfiltration channel (Snake Keylogger mails captured credentials and keystrokes to an attacker-controlled mailbox); the host, port and account are usable as network indicators for this build.
Targets
Target: tmp
Score: 10/10
Signatures:
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles (stored mail account settings are a common credential-theft target for this family).
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (a common step when a loader injects its payload into another process's thread).
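A hunt for this sample across an estate, as an added example that is not part of the sandbox report: it uses only indicators the report itself states (the file hashes and the extracted SMTP exfiltration host and port) and runs them over a constructed egress log and file inventory. The log layouts ("timestamp src dst port proto" and "hostname,path,sha256") are assumptions for the example, not any vendor's format.

```python
"""Hunt for the Snake Keylogger sample described above.

Indicators come verbatim from the report; the log lines are constructed
for this example and their field layout is an assumption.
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators taken from the report.
SAMPLE_SHA256 = "7b59507d5b9f3c30fc095fabfc7e88ff59977767cc39477ca75f20577a750989"
SAMPLE_MD5 = "6df3de988d6ce61faf9dad16ccb863ad"
EXFIL_HOST = "us2.smtp.mailhostbox.com"
EXFIL_PORT = 587

# Constructed egress log (assumed layout): "timestamp src_ip dst_host dst_port proto".
EGRESS_LOG = """\
2023-02-06T10:14:02Z 10.1.5.23 smtp.office365.com 587 tcp
2023-02-06T10:14:09Z 10.1.5.23 us2.smtp.mailhostbox.com 587 tcp
2023-02-06T10:15:11Z 10.1.5.40 us2.smtp.mailhostbox.com 25 tcp
2023-02-06T10:16:30Z 10.1.7.8 us2.smtp.mailhostbox.com 587 tcp
"""

# Constructed file inventory (assumed layout): "hostname,path,sha256".
FILE_INVENTORY = """\
WS-023,C:\\Users\\alice\\AppData\\Local\\Temp\\tmp.exe,7b59507d5b9f3c30fc095fabfc7e88ff59977767cc39477ca75f20577a750989
WS-040,C:\\Windows\\System32\\notepad.exe,0000000000000000000000000000000000000000000000000000000000000000
"""


@dataclass(frozen=True)
class Hit:
    source: str    # host name or IP where the indicator was observed
    detail: str    # what matched
    severity: str  # "high" or "medium"


EGRESS_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)$")


def find_exfil_connections(log_text: str) -> list[Hit]:
    """Flag outbound sessions to the exfil host.

    Host plus the configured port (587) is "high"; the same host on any
    other port is "medium", since it is the same mailbox provider and may
    be a differently configured build.
    """
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = EGRESS_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        _ts, src, dst, port, _proto = m.groups()
        if dst.lower() != EXFIL_HOST:
            continue
        severity = "high" if int(port) == EXFIL_PORT else "medium"
        hits.append(Hit(src, f"smtp to {dst}:{port}", severity))
    return hits


def find_sample_on_disk(inventory_csv: str) -> list[Hit]:
    """Match inventory rows against the report's SHA256 (case-insensitive)."""
    hits: list[Hit] = []
    for line in inventory_csv.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 3:
            continue
        host, path, sha256 = parts
        if sha256.lower() == SAMPLE_SHA256:
            hits.append(Hit(host, f"sha256 match at {path}", "high"))
    return hits


def is_known_sample(data: bytes) -> bool:
    """True only if both the MD5 and SHA256 of the bytes match the report."""
    return (hashlib.md5(data).hexdigest() == SAMPLE_MD5
            and hashlib.sha256(data).hexdigest() == SAMPLE_SHA256)


def run_hunt() -> list[Hit]:
    """Combine network and disk hits over the constructed data."""
    return find_exfil_connections(EGRESS_LOG) + find_sample_on_disk(FILE_INVENTORY)


if __name__ == "__main__":
    for h in run_hunt():
        print(f"[{h.severity}] {h.source}: {h.detail}")
```

Matching the exfil host on any port rather than only 587 is a deliberate choice: the mail provider is the stable part of the indicator, while the port is a per-build setting that a different sample from the same campaign could change.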