General
- Target: bxXt2i9uBHPRJLY.exe
- Size: 746KB
- Sample: 230602-gwfshsab69
- MD5: 58769de6b310d27aee2176d4c3aefd8c
- SHA1: 84599ef5bee923c2098bfa3fa8f471879010f68a
- SHA256: b324b97f06340df9c5abdcae3f7522fc3d5c66ac3b6b75dadeb83f133862cb82
- SHA512: f0796c8ef00f26d140ed35758f717313f7ad7ea162dad14db427a5972ec7c0c161385f87de16c46ff90ad7fd03b0dd82367775d725fc73d6ad24dfa0bae01bad
- SSDEEP: 12288:qzuhBl7xdvo/MdyrhFgtDsuBHsSj5J4+saBGqMC6gKt98PohRq445nrHjzMl9tcf:q+9BqmycgiH75BhEPmwzqVrDqgogD
Static task: static1
Behavioral task: behavioral1
- Sample: bxXt2i9uBHPRJLY.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: bxXt2i9uBHPRJLY.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.sienkakupeste.com
- Port: 587
- Username: info@sienkakupeste.com
- Password: 010203sienka++
- Email To: saleseuropower2@yandex.com
Targets
- Target: bxXt2i9uBHPRJLY.exe
- Size: 746KB
- Score: 10/10
- Signatures:
  - Snake Keylogger payload
  - Accesses Microsoft Outlook profiles
  - Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext