General
-
Target
Packing List.exe
-
Size
751KB
-
Sample
230328-gzbyqsba9s
-
MD5
3e2bf9d409ebc43f74591d151aa64d38
-
SHA1
40fc577fddeff678703b4673daa55dbfe657e670
-
SHA256
e6c74fa34990259423123de4dca4a6b1924929ac74b4e0078c702ca2ec05782b
-
SHA512
0e2afe23b4e293b46efd230815557c18c0080fe16e674b2026d7b7ff2e9a0b87cd100d86daf5167b33d665f6a4fb27aa2447c6fc04d1bc568d0a3eb2f5848013
-
SSDEEP
12288:HjKdJVZz5dcKMk5pgPXJ3IclZZekLRafUWIN51YBplnQaacr2rKEKdmBhQFENrCo:HIVZ9qKP5iXRllVRafra5GLNQ7mEK9F
Static task
static1
Behavioral task
behavioral1
Sample
Packing List.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Packing List.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: valleycountysar.org
Port: 26
Username: mbown@valleycountysar.org
Password: }eQA)VL2!$V}
Targets
-
-
Target
Packing List.exe
-
Size
751KB
-
MD5
3e2bf9d409ebc43f74591d151aa64d38
-
SHA1
40fc577fddeff678703b4673daa55dbfe657e670
-
SHA256
e6c74fa34990259423123de4dca4a6b1924929ac74b4e0078c702ca2ec05782b
-
SHA512
0e2afe23b4e293b46efd230815557c18c0080fe16e674b2026d7b7ff2e9a0b87cd100d86daf5167b33d665f6a4fb27aa2447c6fc04d1bc568d0a3eb2f5848013
-
SSDEEP
12288:HjKdJVZz5dcKMk5pgPXJ3IclZZekLRafUWIN51YBplnQaacr2rKEKdmBhQFENrCo:HIVZ9qKP5iXRllVRafra5GLNQ7mEK9F
Score 10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-