General
Target: SecuriteInfo.com.Win32.PWSX-gen.7989.2626.exe
Size: 573KB
Sample: 230718-mq39hshe87
MD5: c69ad29b13b8a81780fb8dcc19a9e860
SHA1: c651aad27968d6963efd00752b4d9342948cd70c
SHA256: a07e48874a69880208333c95cc881484421695b907c107e9e75593c75ec59eb8
SHA512: 68dd8d05b7f51634d5c8bd9e408957ddd3db1cc9d11cfe5f0d28daadb9f4d820526d9c4beeb92ca98ac0d69cfc489a543181e133b97d5d95b86ac541100ce2c7
SSDEEP: 12288:zmAY2kcdbL4Eft4mYwADdLJI0sCCjO9Y8mpc9vfipjFXrJoW3PQLS8jNc:yN6GEfzYFJLWRjOrmgibJoyQdN
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.7989.2626.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.PWSX-gen.7989.2626.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: webmail.satnet.net
Port: 587
Username: [email protected]
Password: reve1563
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.7989.2626.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext