General
Target: DE ADEUDO EL 04.04.2023.bat.exe
Size: 625KB
Sample: 230328-rp5heabe46
MD5: c5a9119a67c1d429e3af9418735aa919
SHA1: f7c44b5a96bab809aa91d1fc0f32f5db41eac106
SHA256: c7a282bb4bc111616da14a7f6bac27b0b7c7437156a7992382dc695f50d6300a
SHA512: 5bf05793815f510ac70b9386bcb1c3b36f42f5dc6693319eb8b34474744f43a8ba38510feeb52a4d5b4adda021cbdb0b279fb728042eb3efba9f1d3da6ac86f3
SSDEEP: 6144:sMm4CCHM4NL26fgvKOXB9CXSjdtoXtRl1b/zMehiHoBik4K2y9ah:sMwg/NL26fgvPcKdtodnBAe5L9ah
Static task
static1

Behavioral task
behavioral1
Sample: DE ADEUDO EL 04.04.2023.bat.exe
Resource: win7-20230220-en

Behavioral task
behavioral2
Sample: DE ADEUDO EL 04.04.2023.bat.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.eversafe.pt
Port: 587
Username: pulqueriamonteiro@eversafe.pt
Password: Ev3rsaf3_2021
Email To: rolandvirus66@gmail.com
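The extracted configuration above is what a responder actually needs from this report: the exfiltration mail host, port and recipient mailbox. The following Python script is an added example written for this page; it is not Triage's code and not part of the sample. It parses the config text exactly as it appears on this page (flattened by text extraction), turns it into indicators, emits a Suricata DNS rule for the mail host, and checks a local file's hashes against the ones listed under General. The rule's sid value and the choice to keep the SMTP password out of the indicator list are my assumptions, not something the report states.

```python
"""Turn this report's extracted Snake Keylogger config and hash table into
machine-usable IOCs. Added example for this page; not Triage code and not
part of the sample. Every value below is copied from the report itself."""
import hashlib
import re

# Constructed input: the "Malware Config / Extracted" block as it appears on
# the page after text extraction, with keys and values straddling line breaks.
CONFIG_TEXT = """snakekeylogger
Protocol: smtp- Host:
mail.eversafe.pt - Port:
587 - Username:
pulqueriamonteiro@eversafe.pt - Password:
Ev3rsaf3_2021 - Email To:
rolandvirus66@gmail.com"""

# Hashes as listed in the report's General section.
REPORT_HASHES = {
    "md5": "c5a9119a67c1d429e3af9418735aa919",
    "sha1": "f7c44b5a96bab809aa91d1fc0f32f5db41eac106",
    "sha256": "c7a282bb4bc111616da14a7f6bac27b0b7c7437156a7992382dc695f50d6300a",
    "sha512": "5bf05793815f510ac70b9386bcb1c3b36f42f5dc6693319eb8b34474744f43a8"
              "ba38510feeb52a4d5b4adda021cbdb0b279fb728042eb3efba9f1d3da6ac86f3",
}

# One "Key: value" pair. A key is one or two words; a value runs until the
# next " - Key:" separator (the dash may be glued to the value: "smtp- Host:").
_PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?):\s*(.*?)(?=\s*-\s*[A-Za-z][A-Za-z ]*?:|$)")


def parse_extracted_config(text: str) -> dict:
    """First line is the family name; the rest is joined and split into pairs."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    cfg = {"family": lines[0]}
    for key, value in _PAIR.findall(" ".join(lines[1:])):
        cfg[key.strip().lower().replace(" ", "_")] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def to_iocs(cfg: dict) -> list:
    """Flatten the config into (type, value) indicators for blocking/hunting.
    The SMTP password is deliberately left out (assumption of this example):
    it is a stolen credential to report to the mailbox owner, not an
    indicator to push to sensors."""
    iocs = []
    if cfg.get("host"):
        iocs.append(("domain", cfg["host"]))
        iocs.append(("service", f"{cfg.get('protocol')}://{cfg['host']}:{cfg.get('port')}"))
    for key in ("username", "email_to"):
        if cfg.get(key):
            iocs.append(("email", cfg[key]))
    return iocs


def suricata_dns_rule(cfg: dict, sid: int = 1000001) -> str:
    """DNS-query rule for the exfil mail host. The sid is in the local-use
    range and is an assumption; renumber for your ruleset. Submission on 587
    normally upgrades to TLS via STARTTLS, so the AUTH exchange and message
    body are not visible on the wire: the name lookup and the connect are
    what a network sensor can realistically key on."""
    return (
        f'alert dns $HOME_NET any -> any any (msg:"{cfg["family"]} exfil host lookup"; '
        f'dns.query; content:"{cfg["host"]}"; nocase; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


def hash_sample(data: bytes) -> dict:
    """Compute the four digests the report lists, lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest the report lists agrees with the local file."""
    actual = hash_sample(data)
    return all(actual[name] == digest.lower() for name, digest in expected.items())


if __name__ == "__main__":
    cfg = parse_extracted_config(CONFIG_TEXT)
    for kind, value in to_iocs(cfg):
        print(f"{kind}\t{value}")
    print(suricata_dns_rule(cfg))
    # To confirm you hold the same file as this report:
    # matches_report(open("DE ADEUDO EL 04.04.2023.bat.exe", "rb").read())
```

Run it as-is to print the indicators and the rule; pass the bytes of a file you have on hand to matches_report to confirm it is the sample this report describes before reusing any of its findings.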
Targets
Target: DE ADEUDO EL 04.04.2023.bat.exe
Size: 625KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed in the General section above.
Score: 10/10

Signatures
- Snake Keylogger payload
- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger (creates a thread with the hide-from-debugger flag, so an attached debugger receives no events for it; a common anti-debugging technique)
- Suspicious use of NtSetInformationThreadHideFromDebugger (sets ThreadHideFromDebugger on an existing thread for the same purpose)
- Suspicious use of SetThreadContext (rewrites another thread's register state; commonly used to redirect a suspended thread's execution)