General
-
Target
S1P098765435000.exe
-
Size
712KB
-
Sample
230610-l4hdjaef39
-
MD5
b79f37ab5b716cf189282ece4473e0fb
-
SHA1
810b5bd611b4bfb5363b44002563484668820ae1
-
SHA256
88001561b8572bc81462f293cb546b3b1ecd0d6a83097a2d26471cc282f25864
-
SHA512
cd46c17d6f6969c1cf8aa86815f45a741854c3c45c6704239f0099c2ed46a70e8968f17616b70447c5e69c763a67c26a37c53325c487e9bc0e86d61945aee847
-
SSDEEP
12288:4ba8Pr0lWxMzIHREJVk/bq4izoW/m77K2WKSBX0/SGMXNWy2TN6jyWATFEdLJ9qZ:4ellWxMiQW/O4ue77vo0Kz8y/aF+180g
Static task
static1
Behavioral task
behavioral1
Sample
S1P098765435000.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
S1P098765435000.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.sienkakupeste.com - Port:
587 - Username:
info@sienkakupeste.com - Password:
010203sienka++ - Email To:
saleseuropower1@yandex.com
Targets
-
-
Target
S1P098765435000.exe
-
Size
712KB
-
MD5
b79f37ab5b716cf189282ece4473e0fb
-
SHA1
810b5bd611b4bfb5363b44002563484668820ae1
-
SHA256
88001561b8572bc81462f293cb546b3b1ecd0d6a83097a2d26471cc282f25864
-
SHA512
cd46c17d6f6969c1cf8aa86815f45a741854c3c45c6704239f0099c2ed46a70e8968f17616b70447c5e69c763a67c26a37c53325c487e9bc0e86d61945aee847
-
SSDEEP
12288:4ba8Pr0lWxMzIHREJVk/bq4izoW/m77K2WKSBX0/SGMXNWy2TN6jyWATFEdLJ9qZ:4ellWxMiQW/O4ue77vo0Kz8y/aF+180g
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-