General

Target: Quote List-789000.exe
Size: 572KB
Sample: 230718-p25mtsac96
MD5: 92116c2a95014e01082aecf0be665235
SHA1: 86c6e4262292efcaf5d340440a3d33e90911320b
SHA256: 810321f2b71adcaa676f764693491d2080735c29e509b2a546e32212a2c83ee1
SHA512: dcb9a77be569fcfa47c4b082aa3c0346eb2c5943a66e5d56760e1a78f94fc182b1ae89bfdf0cc140a59e58276b54381bc85971449bdf7a6fb7a7cbaa1df11a44
SSDEEP: 12288:CmAY2kcdbL4EfmAGHmOxVtPOJDkirPITrdDWezLws:LN6GEfgOJLzITrF5E
Tasks

Static task: static1
Behavioral task: behavioral1 (sample: Quote List-789000.exe, resource: win7-20230712-en)
Behavioral task: behavioral2 (sample: Quote List-789000.exe, resource: win10v2004-20230703-en)
Malware Config

Extracted family: snakekeylogger
Protocol: smtp
Host: mail.keresa.com.my
Port: 587
Username: [email protected] (mailbox address redacted in the source page)
Password: Keresa123+-
Email To: [email protected] (mailbox address redacted in the source page)
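The extracted config gives the exfiltration channel: the keylogger authenticates to mail.keresa.com.my on TCP 587 and mails its captures out. The following is an added hunting example, not part of the sandbox report: it takes the report's host and port indicators (the mailbox addresses are redacted on the page, so they are not used) and runs them over constructed Zeek-style dns.log and conn.log records. The log lines, their field order and the client IPs are all made up for illustration.

```python
"""Hunting for the SMTP exfiltration channel from the extracted config.

Added example, not part of the sandbox report. It applies the report's
network indicators (host mail.keresa.com.my, TCP 587) to constructed
Zeek-style dns.log and conn.log records; the log lines below are made up
for illustration and the field order is an assumption.
"""
import hashlib

EXFIL_HOST = "mail.keresa.com.my"   # from the extracted snakekeylogger config
EXFIL_PORT = 587                    # SMTP submission port from the config
# The report's mailbox addresses are redacted, so only host/port are used.
SAMPLE_SHA256 = "810321f2b71adcaa676f764693491d2080735c29e509b2a546e32212a2c83ee1"

# Constructed dns.log records: ts, uid, id.orig_h, query, answer
DNS_LOG = """\
1689670001.10\tCx1\t10.0.0.15\tmail.keresa.com.my\t203.0.113.9
1689670002.30\tCx2\t10.0.0.22\twww.example.com\t93.184.216.34
"""

# Constructed conn.log records: ts, uid, id.orig_h, id.resp_h, id.resp_p, proto, service
CONN_LOG = """\
1689670001.50\tCy1\t10.0.0.15\t203.0.113.9\t587\ttcp\tsmtp
1689670003.00\tCy2\t10.0.0.22\t93.184.216.34\t443\ttcp\tssl
1689670004.00\tCy3\t10.0.0.31\t198.51.100.7\t587\ttcp\tsmtp
"""


def parse_tsv(text, fields):
    """Split tab-separated records into dicts keyed by the given field names."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue            # skip malformed records rather than crash
        rows.append(dict(zip(fields, values)))
    return rows


def hunt(dns_log, conn_log):
    """Return findings for connections that match the exfil indicators.

    High confidence: the destination IP was resolved from EXFIL_HOST by the
    same client before a TCP 587 connection. Low confidence: any other
    endpoint-initiated connection to TCP 587, which merits review because
    workstations rarely speak SMTP submission directly.
    """
    dns = parse_tsv(dns_log, ["ts", "uid", "orig_h", "query", "answer"])
    conns = parse_tsv(conn_log, ["ts", "uid", "orig_h", "resp_h", "resp_p", "proto", "service"])

    # (client, resolved IP) pairs that came from a lookup of the exfil host
    exfil_resolutions = {(r["orig_h"], r["answer"]) for r in dns if r["query"] == EXFIL_HOST}

    findings = []
    for c in conns:
        if c["proto"] != "tcp" or int(c["resp_p"]) != EXFIL_PORT:
            continue
        finding = {"uid": c["uid"], "orig_h": c["orig_h"], "resp_h": c["resp_h"]}
        if (c["orig_h"], c["resp_h"]) in exfil_resolutions:
            finding["confidence"] = "high"
            finding["reason"] = f"connected to a {EXFIL_HOST} resolution on {EXFIL_PORT}/tcp"
        else:
            finding["confidence"] = "low"
            finding["reason"] = f"endpoint-initiated {EXFIL_PORT}/tcp to an unrelated host"
        findings.append(finding)
    return findings


def is_reported_sample(data):
    """True if the bytes hash to the SHA256 recorded in the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for f in hunt(DNS_LOG, CONN_LOG):
        print(f["confidence"], f["uid"], f["orig_h"], "->", f["resp_h"], f["reason"])
    print(is_reported_sample(b"not the sample"))
```

The DNS-to-connection correlation matters more than the bare host string: the SMTP session on 587 will normally negotiate STARTTLS, so Zeek's smtp.log will not record the AUTH username or recipient once the channel is encrypted, and the resolved IP plus port is what remains observable. Low-confidence hits on other 587 destinations are worth reviewing because the operator can rotate mail servers between builds while the exfiltration method stays the same.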
Targets

Target: Quote List-789000.exe (572KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
  Reading stored Outlook profile data is consistent with the credential theft from mail clients that Snake Keylogger is known for.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP; the report does not name the service queried.
- Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread of another process is characteristic of process injection (for example process hollowing), where the injector redirects a suspended thread's execution before resuming it. The report records only the API use, not the target process.