General
-
Target
tmp
-
Size
159KB
-
Sample
230309-w1czrahf29
-
MD5
2c8ecd01029e296bf5c6b743e07bcc8d
-
SHA1
98534bd6d5c08cf14734a63713d930e12f69c5f0
-
SHA256
c1c2c7f68cd6257da48226477b7be1b3d82b9f6ee7b1e421b7b9d5191f89c8c6
-
SHA512
983590ed6f4aacd9f80142b60f4f64627a2f639ccda9c32b3c6260caad10f0fd667cd0c5cc93dc26ace5c5c6b1a84b4e8a27623bba873bf15f81537e64889726
-
SSDEEP
768:CM9Cr+M0fV7RW1JbUGmp7NxryR27zAFEzD/xworhF:CM92e7RAJu7vryR2XSWwOhF
Malware Config
Extracted
purecrypter
http://192.3.26.135/uo/Ksagb.png
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
doDHyw%0 - Email To:
[email protected]
Targets
-
-
Target
tmp
-
Size
159KB
-
MD5
2c8ecd01029e296bf5c6b743e07bcc8d
-
SHA1
98534bd6d5c08cf14734a63713d930e12f69c5f0
-
SHA256
c1c2c7f68cd6257da48226477b7be1b3d82b9f6ee7b1e421b7b9d5191f89c8c6
-
SHA512
983590ed6f4aacd9f80142b60f4f64627a2f639ccda9c32b3c6260caad10f0fd667cd0c5cc93dc26ace5c5c6b1a84b4e8a27623bba873bf15f81537e64889726
-
SSDEEP
768:CM9Cr+M0fV7RW1JbUGmp7NxryR27zAFEzD/xworhF:CM92e7RAJu7vryR2XSWwOhF
Score10/10-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-