General
-
Target
DDCD1F6072557A945AE9820B5669FD06528047A84DFDBD7327CCAB42A3BCCA8F
-
Size
181KB
-
Sample
230718-zkk7zaef5y
-
MD5
009d7a426f0b77384da5cf6d3cdbf157
-
SHA1
4109733f498b88d2a05dd420098ba3602b4cb7d4
-
SHA256
ddcd1f6072557a945ae9820b5669fd06528047a84dfdbd7327ccab42a3bcca8f
-
SHA512
3a1b0a9a8d0ad31d94643b17e2698adec52afa0865ee356bed219bfc73ece4ac61aba545c3974b2a0fe070aed30adaa8f7289b8e39f3f52380aa57bbf7d96356
-
SSDEEP
3072:V+CNDiPNeIoZ3CHBx4LjxiDZuh3Un/p+5CyeV+HzkcqCdkvEKjmkCQnZhzD9iira:V+QDi0D0hMsDZg6uZeVM4bCyfsMZhzDS
Static task
static1
Behavioral task
behavioral1
Sample
fatura proforma xls.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
fatura proforma xls.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: uglyhousebuy.com
Port: 587
Username: [email protected]
Password: ]YSPgjNCuF;W
Targets
-
-
Target
fatura proforma xls.exe
-
Size
221KB
-
MD5
c8b464bb63553f38026beb033afe58e9
-
SHA1
30ccc2ee2410802ad90275d13ddb4dc2cca11f45
-
SHA256
6e6f28265a65efc29248f1bc10513f4c2320edba637d87f8341df71fa113dcd3
-
SHA512
4ffd37544be2e15203e0ed79370fa80910d05f8fe44b4549e5224abf2820a6172e01ed8f555eed5c8e02992616e7afdd48ad4a718bbac3c303102616ddb448f1
-
SSDEEP
6144:S6v1ebfDVAxV+szpZeVMebrmySqizl3D4hS:S6v12pAxV+sdY2efmnFlX
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-