General
Target: 44d5b7f05eaf67f8c48e6ee5f4ac5b10.bin
Size: 554KB
Sample: 230328-bvdc4sab3t
MD5: 1b0d3e0a2122b11906e263684402884c
SHA1: 3773582f53340019bf09c7e29674ff7a7c7f8a26
SHA256: 1fb43908b0157aa47ec23ef11933db3e5f72cc93ad76d5b3e33289c2ebb21fe8
SHA512: 84f68f36f60b1408a908c704251d8956d11939091866f97037d162a958d91dc568342c435444087ab317bbbb62015a930bc81dfa9519f9a6e0927d75dfac12ad
SSDEEP: 12288:T9098igYTsA/BKUnKh1cw9dXiTrB8S1xbM1OYTUcXnMmkwSg:Z03gwxsUnKzFXiT9h15DYXnjz
Static task: static1
Behavioral task: behavioral1
Sample: 3108a3fcb44794c0d76370e03236aeaed5883eab03bf13c80aa421a2b7a77c4d.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 3108a3fcb44794c0d76370e03236aeaed5883eab03bf13c80aa421a2b7a77c4d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: apostle@cdhrmatel.com
Password: aMfYdLX3
Email To: apostle@cdhrmatel.com
Targets
Target: 3108a3fcb44794c0d76370e03236aeaed5883eab03bf13c80aa421a2b7a77c4d.exe
Size: 1.1MB
MD5: 44d5b7f05eaf67f8c48e6ee5f4ac5b10
SHA1: 97c66412a2c0d4928ce8b9c95475e3b3a4074e76
SHA256: 3108a3fcb44794c0d76370e03236aeaed5883eab03bf13c80aa421a2b7a77c4d
SHA512: f117628688d426ac2e85ba98aa431d9806a190211a851195de9cdb1cb3c0e291b3b9429bd8d5edc1ee020cc352792f537d0fa6497fab271064405393da80cd6a
SSDEEP: 12288:8y1Q2ngMtm9+0CSi1a/7rEw7G/1Gjdues5j38eFp5bo0+4g58UTVaOJj5BSo4iVo:Eu5LauGgB6Wj1+CyCQgl
Score: 10/10
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext