General
- Target: 1046ce2655057bf77f032867b6966e9305a849885cbf2bfcc950aafefab9a732
- Size: 545KB
- Sample: 230505-wrlkjadh3y
- MD5: 9f0d16482b592714ba54308a101f0fe5
- SHA1: 60e9f224863ed0069671ab7a8e63151477fb96c8
- SHA256: 1046ce2655057bf77f032867b6966e9305a849885cbf2bfcc950aafefab9a732
- SHA512: c0faec3265026de7be173c320bcbfec830730b18730305431c9eabc6fe4115cd8e522b4aede844e93f3e0940f0b7aa768336c35c581cf153f7b777ae4630eb29
- SSDEEP: 12288:3otx37BWadGcigYgp4uobYfwSYByy21a7t0lf5mKm3d:qx37kadGWSuoUfwSfJMt0lf514d
Static task: static1
Behavioral task: behavioral1
- Sample: 1046ce2655057bf77f032867b6966e9305a849885cbf2bfcc950aafefab9a732.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 1046ce2655057bf77f032867b6966e9305a849885cbf2bfcc950aafefab9a732.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
Extracted
snakekeylogger
- Protocol: smtp
- Host: cp5ua.hyperhost.ua
- Port: 587
- Username: [email protected]
- Password: 7213575aceACE@#$
- Email To: [email protected]
Targets
- Target: 1046ce2655057bf77f032867b6966e9305a849885cbf2bfcc950aafefab9a732
- Snake Keylogger payload
- StormKitty payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext