General
Target: Request.doc
Size: 34KB
Sample: 230327-sp819sea62
MD5: 467af03029c4d46d5133a22e340f0b32
SHA1: 0fc58dc23fc550ee2781621bd00c08bff48a97a8
SHA256: 5b7ee6d3514abf3f5555f3cbdaf931b47ba11f1c8c9961dc21c1ef77ed0a226d
SHA512: f9aea6dfd46c3ec568e436d93ae301acbc030d12d135d7b842ccaa6d9920bdae0b02f81276a59fc8d21f8162a923340942be2391416e8c2d7eeb0b3270835643
SSDEEP: 768:gFx0XaIsnPRIa4fwJMVhVzpHt4tXzbGvYqVTeoLsn+dEw:gf0Xvx3EMVh14NOYqZ8q
Static task: static1
Behavioral task: behavioral1
Sample: Request.rtf
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Request.rtf
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: tonyspeciallog@gthltd.buzz
Password: 7213575aceACE@#$
Email To: tonyspecial@gthltd.buzz
Targets
Target: Request.doc
Size: 34KB
MD5: 467af03029c4d46d5133a22e340f0b32
SHA1: 0fc58dc23fc550ee2781621bd00c08bff48a97a8
SHA256: 5b7ee6d3514abf3f5555f3cbdaf931b47ba11f1c8c9961dc21c1ef77ed0a226d
SHA512: f9aea6dfd46c3ec568e436d93ae301acbc030d12d135d7b842ccaa6d9920bdae0b02f81276a59fc8d21f8162a923340942be2391416e8c2d7eeb0b3270835643
SSDEEP: 768:gFx0XaIsnPRIa4fwJMVhVzpHt4tXzbGvYqVTeoLsn+dEw:gf0Xvx3EMVh14NOYqZ8q
Score: 10/10
Signatures
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
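The hashes in the General section and the SMTP settings in the Malware Config section are the actionable indicators in this report. The script below is an added example, not part of the sandbox output: it turns those values into two offline checks, a file-hash match against the reported MD5/SHA1/SHA256/SHA512 and a scan of outbound-SMTP log lines for the extracted mail host and the two mailbox addresses. The key=value log format and the three log lines are constructed for the example (no real product emits this format); the indicator values are copied from the report, except the SMTP password, which detection does not need and which is left out on purpose.

```python
"""Added example: offline checks built from the indicators in this report.
Not part of the sandbox report. Log format and sample log lines are constructed."""
import hashlib

# Hashes copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "467af03029c4d46d5133a22e340f0b32",
    "sha1": "0fc58dc23fc550ee2781621bd00c08bff48a97a8",
    "sha256": "5b7ee6d3514abf3f5555f3cbdaf931b47ba11f1c8c9961dc21c1ef77ed0a226d",
    "sha512": "f9aea6dfd46c3ec568e436d93ae301acbc030d12d135d7b842ccaa6d9920bdae"
              "0b02f81276a59fc8d21f8162a923340942be2391416e8c2d7eeb0b3270835643",
}
# SMTP exfiltration settings copied from the Malware Config section.
# The password is deliberately omitted: it is not needed to detect the traffic.
EXFIL_HOST = "cp5ua.hyperhost.ua"
EXFIL_PORT = 587
EXFIL_ACCOUNTS = {"tonyspeciallog@gthltd.buzz", "tonyspecial@gthltd.buzz"}


def hash_bytes(data: bytes) -> dict:
    """Return hex digests of `data` for the same algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding reported hash."""
    digests = hash_bytes(data)
    return any(digests[name] == value for name, value in SAMPLE_HASHES.items())


def parse_kv_line(line: str) -> dict:
    """Parse one constructed 'key=value key=value ...' log line into a dict."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def classify_smtp_event(event: dict) -> list:
    """Return the reasons (possibly none) an SMTP event matches the extracted config."""
    reasons = []
    host = event.get("dst_host", "").lower()
    port = event.get("dport", "")
    if host == EXFIL_HOST:
        if port == str(EXFIL_PORT):
            reasons.append("extracted mail host on configured port")
        else:
            reasons.append(f"extracted mail host on unexpected port {port}")
    # Envelope addresses catch the actor even after the relay host changes.
    envelope = {event.get("mail_from", "").lower(), event.get("rcpt_to", "").lower()}
    if envelope & EXFIL_ACCOUNTS:
        reasons.append("extracted exfiltration mailbox in envelope")
    return reasons


def find_exfil_events(log_text: str) -> list:
    """Scan key=value log lines and return the events that match, with reasons."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_kv_line(line)
        reasons = classify_smtp_event(event)
        if reasons:
            hits.append({"src": event.get("src"),
                         "dst_host": event.get("dst_host"),
                         "reasons": reasons})
    return hits


# Constructed sample log: a benign corporate submission, a direct hit on the
# extracted host, and a send through a different relay that keeps the same
# mailbox (caught by the account indicator alone).
SAMPLE_LOG = """\
ts=2023-03-27T10:01:02Z src=10.20.1.15 dst_host=smtp.office365.com dport=587 mail_from=alice@corp.example rcpt_to=bob@partner.example
ts=2023-03-27T10:03:44Z src=10.20.1.37 dst_host=cp5ua.hyperhost.ua dport=587 mail_from=tonyspeciallog@gthltd.buzz rcpt_to=tonyspecial@gthltd.buzz
ts=2023-03-27T11:15:09Z src=10.20.1.37 dst_host=mail.other-relay.example dport=587 mail_from=tonyspeciallog@gthltd.buzz rcpt_to=tonyspecial@gthltd.buzz
"""

if __name__ == "__main__":
    for hit in find_exfil_events(SAMPLE_LOG):
        print(hit)
    print("sample hash match:", matches_sample(b"not the sample"))
```

Host and port together are the strongest match; the mailbox check is kept separate because a keylogger operator can move to another SMTP relay without changing the account that receives the logs, and an Outlook-profile theft (also flagged in this report) gives the same actor plenty of other mail credentials to abuse.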