General
Target: 2632-61-0x0000000000610000-0x0000000000636000-memory.dmp
Size: 152KB
Sample: 230718-jfxr7sgh98
MD5: d9947a64ad1010e75cd703e5301cce33
SHA1: fcdf247c406f585dcb1a17a1aa7899efed939438
SHA256: a2a2847d3c1df48192ec68e76dd5cd369b8dfddb98bceb6a62bc6c5a60b5a37b
SHA512: b3e0c17d7fbfe2a866942cd360bddf1a5b2e1d5ae0ed0d9e798a9d29be10d0a5010b53e9cf3491578de95e8a0cc1ee8690b76081ce8a0a960c01559574103f9f
SSDEEP: 3072:OfDDt3pY0Pfea3A3Nb7nGdWwB4NygbYJ:2t5iJ9bSkN7b
Behavioral task: behavioral1
Sample: 2632-61-0x0000000000610000-0x0000000000636000-memory.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 2632-61-0x0000000000610000-0x0000000000636000-memory.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: ftp
Host: ftp://almasa.com.pe/
Port: 21
Username: [email protected]
Password: i($Ei~YKMTZY
Targets
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.