General
Target: Operaciones de Cuenta.rar
Size: 547KB
Sample: 230328-hrtn9ahe33
MD5: 8991cde2dc43156d2487cae536ddfa2e
SHA1: 3a3f5ce2234428c14060c4c36eb84fc7b70f7767
SHA256: cc4ec245c4b3331cf3a4d87b5ee073b3b83141f54d64ea716c916ed7201df9d4
SHA512: f6597ee325e9829db6888f4a9469d04cf94f93e0f08e57900e636d91fe871bbe7f2326757f24b8f95dc1fc4eae7b23c8b8634b8b36f3611fab4ccc0d837d60a5
SSDEEP: 12288:EUyRdDLEoozvMpWOEXS2L5T0Dy5+jSXq7kV6f18eoUGr3xvp/zMSM:EdC0WpiY5TQe+mXq7X+e23JhMSM
Static task: static1
Behavioral task: behavioral1
Sample: Operaciones de Cuenta.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Operaciones de Cuenta.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.eversafe.pt
Port: 587
Username: pulqueriamonteiro@eversafe.pt
Password: Ev3rsaf3_2021
Email To: vbankz20@gmail.com
Targets
Target: Operaciones de Cuenta.exe
Size: 678KB
MD5: 71b2e12765ab5b744e42aea118f2845d
SHA1: 8882d7c1ef14d140f9de727207a95ef5ffb68fd3
SHA256: f6ff5a18073b56d3a8d83195fa49486e289524729a081b5e49664f38854fe7e3
SHA512: 67050f92dca57dc887d11736f7722c085e29b5a6e2974ff74e9ab2182856d6246ce113123a27ef13728d31ef2fab333cf677bf488f8f8ab400e65fd168262c20
SSDEEP: 12288:uMw4EAPcLqU6LfBVbPWxAeWqHpST3yZrn0aHDyq9DSXALFWscaLU2:uMwtAPcLqU6nPKAzR3yBDyq0G62
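The hash tables and the Extracted config block above are the actionable parts of this report. The script below is an added example, not code from the sandbox: it parses the config block in the flattened form shown on this page into structured indicators, verifies a retrieved sample against the report's digests, and runs the indicators over egress log lines. The key=value log format and the sample log lines are constructed for the example and are not from the sandbox run.

```python
"""
Turn this report's 'Extracted' config into indicators, verify a sample's
digests, and match the indicators against egress logs.  Added example,
not the sandbox's own code.  The log format used below is assumed.
"""
import hashlib
import re
from dataclasses import dataclass

# Config block copied from this page: the page breaks each "Key:" from its
# value with a line break and glues the next key on with " - ".
EXTRACTED = """snakekeylogger
Protocol: smtp- Host:
mail.eversafe.pt - Port:
587 - Username:
pulqueriamonteiro@eversafe.pt - Password:
Ev3rsaf3_2021 - Email To:
vbankz20@gmail.com"""

# Digests of the archive as listed under General on this page.
REPORT_HASHES = {
    "md5": "8991cde2dc43156d2487cae536ddfa2e",
    "sha1": "3a3f5ce2234428c14060c4c36eb84fc7b70f7767",
    "sha256": "cc4ec245c4b3331cf3a4d87b5ee073b3b83141f54d64ea716c916ed7201df9d4",
    "sha512": "f6597ee325e9829db6888f4a9469d04cf94f93e0f08e57900e636d91fe871bbe"
              "7f2326757f24b8f95dc1fc4eae7b23c8b8634b8b36f3611fab4ccc0d837d60a5",
}

# Splits the flattened text just before the next "Key:" token.
_KEY_SEP = re.compile(r"\s*-\s*(?=[A-Z][A-Za-z ]*:)")


def parse_extracted(text):
    """Return (family, {key: value}) from the page's flattened layout."""
    lines = text.strip().splitlines()
    family = lines[0].strip()
    flat = " ".join(line.strip() for line in lines[1:])
    fields = {}
    for chunk in _KEY_SEP.split(flat):
        key, _, value = chunk.partition(":")
        fields[key.strip()] = value.strip()
    return family, fields


@dataclass(frozen=True)
class ExfilIOC:
    family: str
    protocol: str
    host: str
    port: int
    sender: str      # mailbox the stealer authenticates as
    recipient: str   # mailbox the logs are delivered to


def to_ioc(family, fields):
    """Normalise the parsed fields into a comparable indicator record."""
    return ExfilIOC(family=family,
                    protocol=fields["Protocol"].lower(),
                    host=fields["Host"].lower(),
                    port=int(fields["Port"]),
                    sender=fields["Username"].lower(),
                    recipient=fields["Email To"].lower())


def digest_mismatches(data, expected):
    """Hash `data` with each algorithm in `expected` (md5/sha1/sha256/sha512)
    and return the names whose digest disagrees; empty list means verified."""
    bad = []
    for name, want in expected.items():
        h = hashlib.new(name)
        h.update(data)
        if h.hexdigest() != want.lower():
            bad.append(name)
    return bad


# Constructed egress log lines (key=value); only line 1 is the full pattern.
SAMPLE_LOGS = [
    "ts=2023-03-28T09:41:02Z src=10.20.4.17 dst=smtp.office365.com dport=587 "
    "mailfrom=alice@corp.example rcptto=bob@corp.example",
    "ts=2023-03-28T09:41:55Z src=10.20.4.31 dst=mail.eversafe.pt dport=587 "
    "mailfrom=pulqueriamonteiro@eversafe.pt rcptto=vbankz20@gmail.com",
    "ts=2023-03-28T09:42:10Z src=10.20.4.31 dst=mail.eversafe.pt dport=587 "
    "mailfrom=other@eversafe.pt rcptto=helpdesk@corp.example",
    "ts=2023-03-28T09:43:00Z src=10.20.4.31 dst=203.0.113.9 dport=25 "
    "mailfrom=x@y.example rcptto=vbankz20@gmail.com",
]


def parse_kv(line):
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def match_logs(ioc, lines):
    """Return [(index, [reasons])] for lines that hit an indicator.
    The host is only scored together with its port, since port 587 alone
    is ordinary submission traffic; the two mailboxes are scored on their own."""
    hits = []
    for i, line in enumerate(lines):
        rec = parse_kv(line)
        reasons = []
        if rec.get("dst", "").lower() == ioc.host and rec.get("dport") == str(ioc.port):
            reasons.append("smtp host:port")
        if rec.get("mailfrom", "").lower() == ioc.sender:
            reasons.append("sender mailbox")
        if rec.get("rcptto", "").lower() == ioc.recipient:
            reasons.append("recipient mailbox")
        if reasons:
            hits.append((i, reasons))
    return hits


if __name__ == "__main__":
    family, fields = parse_extracted(EXTRACTED)
    ioc = to_ioc(family, fields)
    print(ioc)
    for idx, why in match_logs(ioc, SAMPLE_LOGS):
        print(f"hit line {idx}: {', '.join(why)}")
```

Run `digest_mismatches` on the bytes of a sample you pulled from a share or mailbox before spending analysis time on it; any algorithm in the returned list means you do not have the file this report describes. The recipient mailbox is the most durable indicator here: the sending account and host change when the abused credentials are rotated, but the collection address is what the operator cares about.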
- Snake Keylogger payload
- Checks QEMU agent file: checks for the presence of the QEMU guest agent file, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger: a thread created with the hide-from-debugger flag generates no debug events, so a debugger attached to the process does not see it.
- Suspicious use of NtSetInformationThreadHideFromDebugger: the ThreadHideFromDebugger information class applies the same effect to an existing thread; both calls are common anti-debugging techniques.
- Suspicious use of SetThreadContext: rewriting a thread's registers is a building block of code injection, including process hollowing.