General
-
Target
098024da9b3784a0b27f64db4f2a2f36.bin
-
Size
901KB
-
Sample
230605-lxhqqagc61
-
MD5
6ff0842d939354c8f3702a5d2e168619
-
SHA1
6eddb58c135cc172213c05418ec7d87d25023c42
-
SHA256
7f3df0f4aa532153b7834e8838687eab2c086b9c649c8c0a348e60b8aa6e9b40
-
SHA512
d58853aba8409f35c6313471ee0e72c9bc92a48ec474b1a090f53cf7be41030b9d3a9d54d84520ddfbf3ee48b1bea0ea7e549adbe0030e67689c9ddeaa07775f
-
SSDEEP
12288:o0nwICm+Xri1hSAkPO3Yg7J5gxIZodZSBcAnodgjUndrBsdISGEwUW2f4ER:twIS0SAkUtJKx3HSmhn+tXJ
Static task
static1
Behavioral task
behavioral1
Sample
6076d3956e79dc8752564da23a3dfa0100509b647128e82552bd234e5fa61ae8.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
6076d3956e79dc8752564da23a3dfa0100509b647128e82552bd234e5fa61ae8.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.gmail.com
Port: 25
Username: triihope931@gmail.com
Password: iebtzpacgzyullvo
Targets
-
Target
6076d3956e79dc8752564da23a3dfa0100509b647128e82552bd234e5fa61ae8.exe
-
Size
1014KB
-
MD5
098024da9b3784a0b27f64db4f2a2f36
-
SHA1
93fae08652dcc71457988ac2f9726963974a40d4
-
SHA256
6076d3956e79dc8752564da23a3dfa0100509b647128e82552bd234e5fa61ae8
-
SHA512
0a6a9418c99583b46290a725bd7ccabc0995eb8f5a948835905fea5efd516f0801a4c3c48ed74afcc874a709106c09871c46066280dfcafd669ca3d8d1f07f65
-
SSDEEP
24576:wF2/4lUw/FGjVKfW5BMqUE53nTOHh1NLof7G7:wF2/ei0WAdwqHh1N0TG
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-