General
Target: Ramona voy 2022003.exe
Size: 778KB
Sample: 230610-l5cjnsfd3t
MD5: 157faf8466b89969ccf5c66a38750c65
SHA1: 381c0c689059fbdeb1b361d556581a383e3fb293
SHA256: da9c7594ee8e00c5aa90ad018bc069e8f9504fdaa542813c336ddfbdafbd26e1
SHA512: e84f6b9f51dfdce87028610b9a87aedcc9d63374ddbef2e8dd4fec6b27e624c6333b7df97347b60210eafbb1f27f24e552a4dfa7790cffcea2b8a8a3db315f3d
SSDEEP: 24576:LMgkoHlWxMiQW/O4ue7XeT8FrM4JvbTwmj:tFlYMiQWmS7O4MOv/B
Static task: static1
Behavioral task: behavioral1
  Sample: Ramona voy 2022003.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Ramona voy 2022003.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
  Protocol: smtp
  Host: argona.ro
  Port: 26
  Username: dan.grama@argona.ro
  Password: Argona12!@
  Email To: trainee@valleycountysar.org
Targets
Target: Ramona voy 2022003.exe
Score: 10/10
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext