General
Target: SD0098654578000.exe
Size: 239KB
Sample: 230602-k8fvtsag38
MD5: 5770029a5220d4815065acdd4cd9d610
SHA1: 1fe65c7fbc10c0ae57c3fa3dad0fc412571e7bfa
SHA256: 54933171115c3b98a0e26bfc0e2cb7b2d5e5affa1a99970980cc9bb9599329b3
SHA512: acabf3b97e9bdcd4ef7553f2149e9cfb90e1d61f8b78a4d1145657c7f55fd7b1a150def5869b0d3da16b4e3fde361a5e492d12eaa6f1bc6ecbb8e86084be326a
SSDEEP: 6144:V9EfkK97Xtc5abtJINZzZLywEtVpisJv0HpESnMuVy:V9Efk+Xtt4zZLywGVBu+SM+
Static task: static1
Behavioral task: behavioral1
Sample: SD0098654578000.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: SD0098654578000.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.sienkakupeste.com
Port: 587
Username: info@sienkakupeste.com
Password: 010203sienka++
Email To: saleseuropower2@yandex.com
Targets
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext