General
-
Target
Signed po_000165.exe
-
Size
1.1MB
-
Sample
230328-lfw7saab58
-
MD5
c125d39a5c36ceb3561c38c86c0f74ff
-
SHA1
ee54939ec90d947049e2be343de7c42f9472df02
-
SHA256
1bd8f3260eef97220ff4fbf88e4e4005832becf5a74742c2bd2fbf542e446972
-
SHA512
a5cdd216d6cb680c3415b88c9bc4c2accec6301f6d38c57d81d14bad74c1cfb9b5605b4384f095b3375bb03a90f3591eb5a79900c47defd5e2d5665f8af43d35
-
SSDEEP
24576:vA5QvV9xxFzUYAMTZ8Mysn3HeFD8UW4Uw6ATp1wUb1QiD:Y5cxD4VCLyk3ev5p6A8x8
Static task
static1
Behavioral task
behavioral1
Sample
Signed po_000165.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Signed po_000165.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.muktaaspa.com
Port: 587
Username: inquiry@muktaaspa.com
Password: %!G&w4007t]O
Targets
-
-
Target
Signed po_000165.exe
-
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-