General
-
Target
Payment for MAWB NO 297-8450-7231 TT.exe
-
Size
1014KB
-
Sample
230601-w938asgb7x
-
MD5
098024da9b3784a0b27f64db4f2a2f36
-
SHA1
93fae08652dcc71457988ac2f9726963974a40d4
-
SHA256
6076d3956e79dc8752564da23a3dfa0100509b647128e82552bd234e5fa61ae8
-
SHA512
0a6a9418c99583b46290a725bd7ccabc0995eb8f5a948835905fea5efd516f0801a4c3c48ed74afcc874a709106c09871c46066280dfcafd669ca3d8d1f07f65
-
SSDEEP
24576:wF2/4lUw/FGjVKfW5BMqUE53nTOHh1NLof7G7:wF2/ei0WAdwqHh1N0TG
Static task
static1
Behavioral task
behavioral1
Sample
Payment for MAWB NO 297-8450-7231 TT.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Payment for MAWB NO 297-8450-7231 TT.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.gmail.com
Port: 25
Username: triihope931@gmail.com
Password: iebtzpacgzyullvo
Targets
-
-
Target
Payment for MAWB NO 297-8450-7231 TT.exe
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-