General
Target: IB_23071847557_attachment.exe
Size: 694KB
Sample: 230718-p2cbaaac87
MD5: dee75e523ae85c613fe1cbf269de7e25
SHA1: a6b79aec1ab2c19d303b82025515bdd8ea83d4d6
SHA256: ea14e71e40ef5c0214b407a983fc0c540ccccbbde1a8479c55adabe286469589
SHA512: 2855444f118dfd1f0586b48d8544ca259249b8a9923f50a3a41d9f53e4e778593917c7f3fb25a8753b7a2da38879b3fe7930d444eaf32196ecd5978333909d0c
SSDEEP: 12288:Wf+bDv9BcW9RoIOfb/WT4UkuZOtFdMyvqSq51l2Xtt6A0VXpd5Rha5T+p1YP:WGn1BcW9RoIOfzW/ZO3b8cXtl0V5dFaf
Static task: static1
Behavioral task: behavioral1
Sample: IB_23071847557_attachment.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: IB_23071847557_attachment.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.keresa.com.my
Port: 587
Username: [email protected]
Password: Keresa123+-
Email To: [email protected]
Targets
Target: IB_23071847557_attachment.exe
Score: 10/10
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.