General
Target: 039d18e2ebeed71e4de189290ecc6554.bin
Size: 644KB
Sample: 230328-bcyw4agb45
MD5: 2e83c344f0a60cdddb1ad5680984aeed
SHA1: daad61cfbe78a0a9d196b9c7f1275a7740ac841b
SHA256: 0ea1505f6ce606960370a4c672d375452a434a37aa777d2a1dd240498a6fffa7
SHA512: a83e20989f1836f358d9ce4cc13d55b8dd24c14ff4d52ca9404f1185b3e6cd5eb5b415a1032ce3d32b567e9153bc5f5f38990fd450cf5464821232b9201eb9b5
SSDEEP: 12288:aDebAcMvjpMa5/mNrw0GkIUO69RFsJk/+5XFSujMdL0El2EUKh5z7f0:WeCvj6a5gIUO6Vak2uuoh0/8vA
Static task
static1

Behavioral task
behavioral1
Sample: d18c9b56900681c70305abb559a6d1a645b0f3bd0238dc8e83de4a906f6aff0e.exe
Resource: win7-20230220-en

Behavioral task
behavioral2
Sample: d18c9b56900681c70305abb559a6d1a645b0f3bd0238dc8e83de4a906f6aff0e.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.lakeoilqroup.com
Port: 587
Username: salem.alamody@lakeoilqroup.com
Password: Chelseamel@22
Targets
Target: d18c9b56900681c70305abb559a6d1a645b0f3bd0238dc8e83de4a906f6aff0e.exe
Size: 675KB
MD5: 039d18e2ebeed71e4de189290ecc6554
SHA1: 082890e596684e635ea4839c5c1c9333a93ce3b8
SHA256: d18c9b56900681c70305abb559a6d1a645b0f3bd0238dc8e83de4a906f6aff0e
SHA512: b0ea2154699494763befd00825fcf80aee4f43b7b89effca8f42da121a33dfe184b50fa9956594ea91d41c82903b4111f64410b208e0a1b6e8293269f7dd433f
SSDEEP: 12288:v7qY2zl06/TgTU4beaSHdXMVOUvOFhcp/bHJLJ0Ag/0sB9KAdkYNmwDL70dJ2gD:kl06MF8HdXM3OFhcp/bzng/BnmwAygD
Score: 10/10

Snake Keylogger payload

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext