General
-
Target
Quote List-20072023.exe
-
Size
646KB
-
Sample
230721-gjk7gach21
-
MD5
a7cf29033f097beff4bc39dc0e77c45e
-
SHA1
0451133dab0c64dbe9ae04842411a65d50cf1876
-
SHA256
12c5352cc9750a19809c7d53b16d811ae93f96ba0326e5a3640e8ac5177d3f20
-
SHA512
3632f7472c2381855dfe05dcdcb551aafd7c512b857a712a1a5ca53ccdb4f9eb2884a37f655d614645c0eb20f42d6b8a6832eabb77e26bf3847d5f9aa293fc64
-
SSDEEP
12288:VBq7S6ln+flo/XciMv42gETW4+2W8w9kqhzGKS8zfUF2c0CUA8fEyHHXcy+:zqmTdCjE4Ji+2W8w9PhzGKSnF2fX5H37
Static task
static1
Behavioral task
behavioral1
Sample
Quote List-20072023.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Quote List-20072023.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.keresa.com.my - Port:
587 - Username:
[email protected] - Password:
Keresa123+- - Email To:
[email protected]
Targets
-
-
Target
Quote List-20072023.exe
-
Size
646KB
-
MD5
a7cf29033f097beff4bc39dc0e77c45e
-
SHA1
0451133dab0c64dbe9ae04842411a65d50cf1876
-
SHA256
12c5352cc9750a19809c7d53b16d811ae93f96ba0326e5a3640e8ac5177d3f20
-
SHA512
3632f7472c2381855dfe05dcdcb551aafd7c512b857a712a1a5ca53ccdb4f9eb2884a37f655d614645c0eb20f42d6b8a6832eabb77e26bf3847d5f9aa293fc64
-
SSDEEP
12288:VBq7S6ln+flo/XciMv42gETW4+2W8w9kqhzGKS8zfUF2c0CUA8fEyHHXcy+:zqmTdCjE4Ji+2W8w9PhzGKSnF2fX5H37
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-