General
Target: f60a805c01faa0d833461a2d3388ab6f.bin
Size: 755KB
Sample: 230328-c5ymgagf38
MD5: ae9e42900d3360fabaa86d2262da9c3b
SHA1: 8c104918c08e3e2215a2bbcbdd1d84e51557e5f1
SHA256: 8a8a8ffb29e0ae532eccc566127332362ed5e64a6f43244e8ec694fb989b5bca
SHA512: 319c9eab8e4d1e4efd9e5feaae764db9926ec75e506da97f3c397735283735e2a59bc5fd09a3a03b5604a968150eecef9cf4cf4ae909ab9828957ca7d917bec5
SSDEEP: 12288:q3Fvi2RihynKeF/dv+vZzJwkej2WRim3NVzod85iTQXV7z37YdBTVzcnORFcrEOY:qti5yKeb+zJw72YVwqiTqV7PYdLcnOR7
Static task: static1

Behavioral task: behavioral1
Sample: 8c92fe975db6f552f522fbd9a8e542ae2e78cc0c21bb5e316b883b23e0084038.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 8c92fe975db6f552f522fbd9a8e542ae2e78cc0c21bb5e316b883b23e0084038.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: cp5ua.hyperhost.ua
Port: 587
Username: wealthlog@gthltd.buzz
Password: 7213575aceACE@#$
Email To: wealth@gthltd.buzz
Targets
Target: 8c92fe975db6f552f522fbd9a8e542ae2e78cc0c21bb5e316b883b23e0084038.exe
Size: 932KB
MD5: f60a805c01faa0d833461a2d3388ab6f
SHA1: 729da8943c08531f0861f4f291ef1dd2346d2a94
SHA256: 8c92fe975db6f552f522fbd9a8e542ae2e78cc0c21bb5e316b883b23e0084038
SHA512: 71f49f7b80acf79578a8b7862f3aeda95a3e2b5edce31ecce9e093bd68550e114b704125ad0f2b85f85cf2df21411dcedc24bb33c7e8799d38749dd4ba8eea00
SSDEEP: 12288:NvvaDcBlqYpyOkqDp5y2IEr3YodX/4kZuuGfYzVlYdk:1im4YpyeF5y2Iy3hdv0P+Lsk
Score: 10/10

Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext