General
-
Target
bWQWIXJESszKKRC.exe
-
Size
981KB
-
Sample
230602-qkhmeabe58
-
MD5
705409107642f80b196405a37c6f50b2
-
SHA1
4a23c4b0aa0448e73ce0284a54765bc1b1d38349
-
SHA256
4e605ffc153bda7de371b0675f66303bdad4dc9ba88a2eef42f758aea5259bb4
-
SHA512
7731465c0a71fa92881e7bc1fdc421fe209b1fcb39e13c2cdbf5834fb457055ad04e04d71860926047b63270a25ddc6155d4aab5c7700fdc386dc5fdc36b47c7
-
SSDEEP
24576:9dxK1U9BqmycgiH75BURvAKMSOQLiWHBiytoFXgA:Qu9Bqmycr7URYKMlQ+WwrF
Static task
static1
Behavioral task
behavioral1
Sample
bWQWIXJESszKKRC.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
bWQWIXJESszKKRC.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.sienkakupeste.com
Port: 587
Username: info@sienkakupeste.com
Password: 010203sienka++
Email To: saleseuropower2@yandex.com
Targets
-
-
Target
bWQWIXJESszKKRC.exe
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-