General
-
Target
3a56b22b7e97d383a7f673177baa409d.bin
-
Size
275KB
-
Sample
230605-myeacsga83
-
MD5
4c7ee120397ccadce875c562a715f603
-
SHA1
334684c52d045c7e6a73ffb0d0d69a43965e805f
-
SHA256
ae92be4fc976c7e4413b56d1d4b64f9a5e689c2abcf71e1dd7890b666779a541
-
SHA512
806a1d2c797702a15cb585ae53debac481cfaaca52f301409c0089dfd87c9d08695bc7e6017ad78987c9d80b00e6111f517c9aca0dc7cfbcc4e1a99ed19a30da
-
SSDEEP
6144:03jXos1B79ZJFyyVP+e79v6Aaw/Nbl++0QXgqtfh10a2vu3ArmsgRfJKGxbXSX:GjPvtFyyVxpyAx1HLXjzSa2vxrSMGxbe
Static task
static1
Behavioral task
behavioral1
Sample
b2160d49f16699a220d28ce02f57bff30684818c628de40210e0359374908229.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
b2160d49f16699a220d28ce02f57bff30684818c628de40210e0359374908229.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.sienkakupeste.com - Port:
587 - Username:
info@sienkakupeste.com - Password:
010203sienka++ - Email To:
saleseuropower2@yandex.com
Targets
-
-
Target
b2160d49f16699a220d28ce02f57bff30684818c628de40210e0359374908229.exe
-
Size
560KB
-
MD5
3a56b22b7e97d383a7f673177baa409d
-
SHA1
b2236349e362e6219dbe68fba501af453e8d8397
-
SHA256
b2160d49f16699a220d28ce02f57bff30684818c628de40210e0359374908229
-
SHA512
27731d89ae6d3ad3301b6b65875ba1db40d99dbb452cf0b799e075d04fa3e6738c067d1da575a78565c26f40cfd9511a57f83dd12b3e56260ac5b2f695d5901c
-
SSDEEP
12288:zs4WG9EfodtWL/CGEzuTSj1asKbUPpxu7SMJ0uSW0:zs4WtmtWL/CGEzuTSjIsKIP2Se0r
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-