General
-
Target
FCT-0987655678998.exe
-
Size
650KB
-
Sample
230601-sjgd3afc6s
-
MD5
f84c0a7f4c5dd7e7e999e1a2b4f0e029
-
SHA1
ff5f7f5c4ccf53251cd3b09a3241a33af797fa3c
-
SHA256
5c067b4130c714d5ac0b0acdecb9ac0a69cc5354250a514a5c78c194de8e5f52
-
SHA512
dc691aed1f5619dfbf97a917dd508b5cab5481ec9c61dd470b0e6a720a3893bda515558a7b002a63921cbba29035c703dee1b77091c9212c02434836dbf13e4b
-
SSDEEP
12288:0ZObEP/SJa1EO9U7+F1GB4zI2L3RmBWQCUJjbSpKngmfiwPU:0t/42YrkBmwQC2jb65wM
Static task
static1
Behavioral task
behavioral1
Sample
FCT-0987655678998.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
FCT-0987655678998.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.sienkakupeste.com - Port:
587 - Username:
info@sienkakupeste.com - Password:
010203sienka++
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.sienkakupeste.com - Port:
587 - Username:
info@sienkakupeste.com - Password:
010203sienka++ - Email To:
saleseuropower2@yandex.com
Targets
-
-
Target
FCT-0987655678998.exe
-
Size
650KB
-
MD5
f84c0a7f4c5dd7e7e999e1a2b4f0e029
-
SHA1
ff5f7f5c4ccf53251cd3b09a3241a33af797fa3c
-
SHA256
5c067b4130c714d5ac0b0acdecb9ac0a69cc5354250a514a5c78c194de8e5f52
-
SHA512
dc691aed1f5619dfbf97a917dd508b5cab5481ec9c61dd470b0e6a720a3893bda515558a7b002a63921cbba29035c703dee1b77091c9212c02434836dbf13e4b
-
SSDEEP
12288:0ZObEP/SJa1EO9U7+F1GB4zI2L3RmBWQCUJjbSpKngmfiwPU:0t/42YrkBmwQC2jb65wM
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-