General
Target: SDGH09876544567.exe
Size: 2.3MB
Sample: 230328-gzb9haba9v
MD5: af17c011348b5285378fd92a1b7d0a5d
SHA1: f0fb1e224db6daf37827fab4b8e2d0188ada2471
SHA256: b95e54c0b6066159485e8a176a73dba6325ef8c0cae97e0b818abbbd70c5afc9
SHA512: b76d142f5e25030529e489e3cf226a66e6f04f59c96c01806a5538901b54c92f9a28ec852639c8c01d4819f69ffd7caf439889ae426928f872a20e484b47ac45
SSDEEP: 24576:k1t86DO+q0bcNRpIxOA4uSLbVWgD/f0cRxBiwrXyzsoVDUSVHsYD17IOTyRyH0CZ:PIAhPftRxB90VMYD17zORyH0jVwHH
Static task: static1
Behavioral task: behavioral1
  Sample: SDGH09876544567.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: SDGH09876544567.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.sienkakupeste.com
Port: 587
Username: info@sienkakupeste.com
Password: 010203sienka++
Email To: saleseuropower2@yandex.com
Targets
Target: SDGH09876544567.exe
Score: 10/10
- Snake Keylogger payload
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext