General
-
Target
88a2241785b423bb2811fca68b20d9f1.bin
-
Size
238KB
-
Sample
230605-nzlaqsgd56
-
MD5
28b567ff88183ce5ede522b7ca4a1120
-
SHA1
084569c783d173f44da017330fed08b7b66a53fb
-
SHA256
aef9b5bf108e7b5c49c2351f3bad782f7c23e12411a2a4d5167a1644e657e723
-
SHA512
ab9475425bf2da4f94ba71a1699d90baa80fcb1aa2f75e9f1260532b5b399a54f19557d67b0abd01473a83a389b066f0cd4498a908083bb39ef6a3c77c2429cb
-
SSDEEP
6144:qRax5hLPVzUMQKBKNZY+Q/80d3CziZkC5z:qRaNLdwVe2ZY+iCW35z
Static task
static1
Behavioral task
behavioral1
Sample
f150053c381c6431eeab4ffcc350784eaccd7e8cb6a8d3e887c82917044bdec8.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
f150053c381c6431eeab4ffcc350784eaccd7e8cb6a8d3e887c82917044bdec8.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.sienkakupeste.com - Port:
587 - Username:
info@sienkakupeste.com - Password:
010203sienka++ - Email To:
saleseuropower1@yandex.com
Targets
-
-
Target
f150053c381c6431eeab4ffcc350784eaccd7e8cb6a8d3e887c82917044bdec8.exe
-
Size
362KB
-
MD5
88a2241785b423bb2811fca68b20d9f1
-
SHA1
0c3760c1be62617fbdc193ea01d58885540d933b
-
SHA256
f150053c381c6431eeab4ffcc350784eaccd7e8cb6a8d3e887c82917044bdec8
-
SHA512
fbf191008b7ada79f69a309dff3c48fa40cb70d00026455427648e24a0212e07b95ffcc3a64c17811beb857771dd514816e777425bfb050d5cf2ccd5a83a834b
-
SSDEEP
6144:iGyX+Zq4FkA99EfW1tWL/CGEzuTSj1asdw+Fz/J3qrisJv0wpESnMJZLSba3Vy:rs4WG9EfW1tWL/CGEzuTSj1asdw4/pSg
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-