General
-
Target
6215c21244930ce9ada085fa2b057a5b.bin
-
Size
661KB
-
Sample
230329-bpn8eseb95
-
MD5
d0efcc2212952df02b7f825fd6061642
-
SHA1
6b78f60f67fcd449e8d94a7b04d02bccfcf56b8e
-
SHA256
e1eb7a0b13fcd2ec4057e174420cd9c7863db055c0b9315399002a18cb77fcb4
-
SHA512
db94e3aa436302a18df896428613ced027d4a734affd31a05af19c84005f8348d262d1851fa4e36b2efcca4baebcc163f287c31fad14b598372386597e5b1690
-
SSDEEP
12288:lTfopkwj96kYk0OVLXBGqN8IB3dKD+7GVFTsY/DZBEkjp/4j8wDIRd+1oaxrC6MA:lbMTNN0ULXBx8IrKDDBDZBDdQjGdUlZR
Static task
static1
Behavioral task
behavioral1
Sample
7bafa941839aa64bee8e75e02d68b800d0dcf5f19f981eae5eade5b99d657de5.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
7bafa941839aa64bee8e75e02d68b800d0dcf5f19f981eae5eade5b99d657de5.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
vcsa@valleycountysar.org - Password:
?p$RWs,h$CU%
Targets
-
-
Target
7bafa941839aa64bee8e75e02d68b800d0dcf5f19f981eae5eade5b99d657de5.exe
-
Size
735KB
-
MD5
6215c21244930ce9ada085fa2b057a5b
-
SHA1
8bd872b4b8d9f03ad26ed7c8af2993d2780dfb4b
-
SHA256
7bafa941839aa64bee8e75e02d68b800d0dcf5f19f981eae5eade5b99d657de5
-
SHA512
f388976141e65f002c80652296ee18f2e92ca2f56f7d6f0a18a7bf6e66ea709d1c901f2544dca68d41760baa17a145000b0beeb06c646569953fb511a48112d5
-
SSDEEP
12288:l2y/EHTNu6DQlI9ZE0ml3iOpttWsYXePKUU6aeU0Kmt89Zwd8:l2TXUhZiOttW7MIVfZG8
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-