General
-
Target
Comprovativo De Transferencia.exe
-
Size
764KB
-
Sample
230602-qkhbmsbh8x
-
MD5
512f88a21575218c350b40823a4137a6
-
SHA1
df8977ab5cbe0f6e02674ccbcb23182a514b5a64
-
SHA256
a4ce07acfbdf7bd395f263bd86c3383bfc2d2f21be8df21511c1d37fa40e59b4
-
SHA512
4634d5003a39432d5612357f1a4dfa76a888d401004879b00371da43acc7651a50005c126c6674a868ffe92291d5f5ed38f08294566a527cb538594ed3c86aaa
-
SSDEEP
12288:fx+OSUAh3NVeb2iNa7xdvo/MdyrhFgtDsuBHsSj5J4+saBGfWxEZPS84XB39hRao:X1U9BqmycgiH75BrWZ6B3lakavYepwDG
Static task
static1
Behavioral task
behavioral1
Sample
Comprovativo De Transferencia.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Comprovativo De Transferencia.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.trinidadmaquinaria.com - Port:
587 - Username:
hola@trinidadmaquinaria.com - Password:
Mari6760@@ - Email To:
trucklover871@gmail.com
Targets
-
-
Target
Comprovativo De Transferencia.exe
-
Size
764KB
-
MD5
512f88a21575218c350b40823a4137a6
-
SHA1
df8977ab5cbe0f6e02674ccbcb23182a514b5a64
-
SHA256
a4ce07acfbdf7bd395f263bd86c3383bfc2d2f21be8df21511c1d37fa40e59b4
-
SHA512
4634d5003a39432d5612357f1a4dfa76a888d401004879b00371da43acc7651a50005c126c6674a868ffe92291d5f5ed38f08294566a527cb538594ed3c86aaa
-
SSDEEP
12288:fx+OSUAh3NVeb2iNa7xdvo/MdyrhFgtDsuBHsSj5J4+saBGfWxEZPS84XB39hRao:X1U9BqmycgiH75BrWZ6B3lakavYepwDG
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-