General
-
Target
CA0001758617120.exe
-
Size
573KB
-
Sample
230718-pz7z6sba8v
-
MD5
47670e60734e3841f76167ffe1e135d3
-
SHA1
7ad2880b7ba30938f4ddfdb610102bf5e3fa5fad
-
SHA256
f11985ed8f09689544e4eee025a8526c59de67423874d4fb8a33b73da723edb9
-
SHA512
72867bbe33250de4cdbb5acb31ebb7b07fe49d929a901b66b5077cc8f289194a92d8d40627b97a561517c0560940c9767e501162db9e7b032d78ebd13bc24155
-
SSDEEP
12288:omAY2kcdbL4EfQVUsQ1dUUmFtP3uOnwlDMM7W3iGaC9hwpFTe/:NN6GEfjsQ1dUUwd3glDxcwpQ
Static task
static1
Behavioral task
behavioral1
Sample
CA0001758617120.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
CA0001758617120.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.keresa.com.my - Port:
587 - Username:
[email protected] - Password:
Keresa123+- - Email To:
[email protected]
Targets
-
-
Target
CA0001758617120.exe
-
Size
573KB
-
MD5
47670e60734e3841f76167ffe1e135d3
-
SHA1
7ad2880b7ba30938f4ddfdb610102bf5e3fa5fad
-
SHA256
f11985ed8f09689544e4eee025a8526c59de67423874d4fb8a33b73da723edb9
-
SHA512
72867bbe33250de4cdbb5acb31ebb7b07fe49d929a901b66b5077cc8f289194a92d8d40627b97a561517c0560940c9767e501162db9e7b032d78ebd13bc24155
-
SSDEEP
12288:omAY2kcdbL4EfQVUsQ1dUUmFtP3uOnwlDMM7W3iGaC9hwpFTe/:NN6GEfjsQ1dUUwd3glDxcwpQ
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-