General
-
Target
MV TBN.exe
-
Size
735KB
-
Sample
230327-qsv8gafg2w
-
MD5
6215c21244930ce9ada085fa2b057a5b
-
SHA1
8bd872b4b8d9f03ad26ed7c8af2993d2780dfb4b
-
SHA256
7bafa941839aa64bee8e75e02d68b800d0dcf5f19f981eae5eade5b99d657de5
-
SHA512
f388976141e65f002c80652296ee18f2e92ca2f56f7d6f0a18a7bf6e66ea709d1c901f2544dca68d41760baa17a145000b0beeb06c646569953fb511a48112d5
-
SSDEEP
12288:l2y/EHTNu6DQlI9ZE0ml3iOpttWsYXePKUU6aeU0Kmt89Zwd8:l2TXUhZiOttW7MIVfZG8
Static task
static1
Behavioral task
behavioral1
Sample
MV TBN.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
MV TBN.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
vcsa@valleycountysar.org - Password:
?p$RWs,h$CU%
Targets
-
-
Target
MV TBN.exe
-
Size
735KB
-
MD5
6215c21244930ce9ada085fa2b057a5b
-
SHA1
8bd872b4b8d9f03ad26ed7c8af2993d2780dfb4b
-
SHA256
7bafa941839aa64bee8e75e02d68b800d0dcf5f19f981eae5eade5b99d657de5
-
SHA512
f388976141e65f002c80652296ee18f2e92ca2f56f7d6f0a18a7bf6e66ea709d1c901f2544dca68d41760baa17a145000b0beeb06c646569953fb511a48112d5
-
SSDEEP
12288:l2y/EHTNu6DQlI9ZE0ml3iOpttWsYXePKUU6aeU0Kmt89Zwd8:l2TXUhZiOttW7MIVfZG8
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-