General
Target: 09876535689000000.exe
Size: 803KB
Sample: 230610-l44lrsfd3s
MD5: 1ec78e859e083fdaeb0e6250d8992a22
SHA1: 2501143c84f3ef7c39527b72c733dd822ed4aaae
SHA256: 62bb51a5a9b90f4e6969abc219a75378eb3cb58d224df2a41644d5691ff69565
SHA512: 5c4222934a37e311162e639fd8495b9dc0c3f91208cee931f4e899933c50f66db22a466a5190e3c5f7c6dcf0474eef12dc67c936b24fbe9334a8bed85a3b4dff
SSDEEP: 12288:4AlbeU8m7xdvo/MdyrhFgtDsuBHsSj5J4+saBGEHw8YQL4ujmlQeu5dCMgeqJAD:Plb6m9BqmycgiH75BrwjQL1mCeOfge1
Static task: static1
Behavioral task: behavioral1
Sample: 09876535689000000.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 09876535689000000.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.sienkakupeste.com
Port: 587
Username: info@sienkakupeste.com
Password: 010203sienka++
Email To: saleseuropower2@yandex.com
Targets
Target: 09876535689000000.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext