General
-
Target
DHL AWB 5016240032.gz
-
Size
526KB
-
Sample
230718-s5hh9abg55
-
MD5
f99ba468bf9d068ddc933d3762ec34cf
-
SHA1
d59046000f4e7126a360387fc258e653bd8b2f55
-
SHA256
44c2ecca7d95e0a44889ef4fdad8c048ee463919b386ad6a09a39693bb11a225
-
SHA512
442892fc8300744ad4a4127105d3022062f55ad89d1d06a43dafd0f0a993a14b7c3e8b3c7d11ca343661182ea4ef0e7cb96c5f8da995b23bb62b42be1c5a191e
-
SSDEEP
12288:MxVpEaLpTC7vlo2/NVMUZ71xpRM3LIfcfNQCsdqOSrQ+Zw9H9A0ObNblQw:w4EpKvl9Dh1zgIfFpqm+yh9qbNlv
Static task
static1
Behavioral task
behavioral1
Sample
DHL AWB 5016240032.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
DHL AWB 5016240032.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.keresa.com.my - Port:
587 - Username:
[email protected] - Password:
Keresa123+- - Email To:
[email protected]
Targets
-
-
Target
DHL AWB 5016240032.exe
-
Size
572KB
-
MD5
92116c2a95014e01082aecf0be665235
-
SHA1
86c6e4262292efcaf5d340440a3d33e90911320b
-
SHA256
810321f2b71adcaa676f764693491d2080735c29e509b2a546e32212a2c83ee1
-
SHA512
dcb9a77be569fcfa47c4b082aa3c0346eb2c5943a66e5d56760e1a78f94fc182b1ae89bfdf0cc140a59e58276b54381bc85971449bdf7a6fb7a7cbaa1df11a44
-
SSDEEP
12288:CmAY2kcdbL4EfmAGHmOxVtPOJDkirPITrdDWezLws:LN6GEfgOJLzITrF5E
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-