General
-
Target
FACTRA098765567898.exe
-
Size
799KB
-
Sample
230610-l44lrsfd21
-
MD5
b31a4d28756f8a6707e39726b0658ec8
-
SHA1
21361d667e6446d03f4ae3b0a5b04fac9d99594f
-
SHA256
4390dddf839f96d8587b2606617bfc5940183f54cafb1d48fc5c1986a31238cd
-
SHA512
d6171165f4dfc4e03bda59b2ba768de44e5c6aa7e7d6b47d14437ad6f8ab53af9008fac2dec5c6e92f401a931a75539280bff150ca25b72543eeaecd23048e7f
-
SSDEEP
24576:Ap9BqmycgiH75BlgCr8GBgagmMI/B0mrlp:Ap9Bqmycr7eCdBVFZ
Static task
static1
Behavioral task
behavioral1
Sample
FACTRA098765567898.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
FACTRA098765567898.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.sienkakupeste.com
Port: 587
Username: info@sienkakupeste.com
Password: 010203sienka++
Email To: saleseuropower1@yandex.com
Targets
-
-
Target
FACTRA098765567898.exe
Score
10/10
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-