General
-
Target
SDG08765789000.exe
-
Size
426KB
-
Sample
230610-l4hz3aef43
-
MD5
82a9d17b460ce613b4a84e91c31fc057
-
SHA1
6712ed456f85aefc10b4543f3af597d1c5203534
-
SHA256
08a0affd61847d592229e688c807f958c18916c8e11d2eeeef14a255ddfd339c
-
SHA512
7927e0f7a55a8ff7155579c079c69ebbca1d8360da514da605fd9e012b5ca927823991d391a6bc14861e0296627785255b21a3d0da2d5a2837a33318e6dbcdf9
-
SSDEEP
12288:/J0Mm9Ef3Wv2B6mnbMuutSMUlZ7sKjUvV8tHF2HJQpTIJSTSdiy:nPo2gUAS5lZ7sKjUvVulo
Static task
static1
Behavioral task
behavioral1
Sample
SDG08765789000.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SDG08765789000.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
posta.ni.net.tr - Port:
587 - Username:
vize@apareia.com.tr - Password:
nilya1957 - Email To:
saleseuropower1@yandex.com
Targets
-
-
Target
SDG08765789000.exe
-
Size
426KB
-
MD5
82a9d17b460ce613b4a84e91c31fc057
-
SHA1
6712ed456f85aefc10b4543f3af597d1c5203534
-
SHA256
08a0affd61847d592229e688c807f958c18916c8e11d2eeeef14a255ddfd339c
-
SHA512
7927e0f7a55a8ff7155579c079c69ebbca1d8360da514da605fd9e012b5ca927823991d391a6bc14861e0296627785255b21a3d0da2d5a2837a33318e6dbcdf9
-
SSDEEP
12288:/J0Mm9Ef3Wv2B6mnbMuutSMUlZ7sKjUvV8tHF2HJQpTIJSTSdiy:nPo2gUAS5lZ7sKjUvVulo
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-