General
-
Target
SAD00098765400.exe
-
Size
232KB
-
Sample
230610-l44xjaef47
-
MD5
a092726b38d5e3c1accbc1e13e23cb61
-
SHA1
69beb44d487168bf872de9ad1212c59e045685e6
-
SHA256
2b1fc6582e816e95fcb9b2c9cf726176ea3d2c54806b312ed10b989f7713eef8
-
SHA512
6f49e99025838a040bece4784f9b3de49970640143dbda96a92bb3fa44865ea28a1d98ec24bda23773dd0e04ee30b271bc27acd0cebfa6e2361349a13d6fdb84
-
SSDEEP
6144:cCum4axF7Y+vDGfv2Iq1GT5WyauiFJv0pSV4X8jVy:cCumdxRYXnpsGT4zjupUkm
Static task
static1
Behavioral task
behavioral1
Sample
SAD00098765400.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SAD00098765400.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.sienkakupeste.com
Port: 587
Username: info@sienkakupeste.com
Password: 010203sienka++
Email To: saleseuropower1@yandex.com
Targets
-
-
Target
SAD00098765400.exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-