General
-
Target
EX895576850790.exe
-
Size
771KB
-
Sample
230722-j95pxaae51
-
MD5
0bad4547541e72660bd3c12321e7d1e1
-
SHA1
0fd44ffc3a003dbaed7b8f1043da1a954346ac03
-
SHA256
67a03c34c684a2771205a064937b3d6ec088d751c46b6ca6f1b191c7143932cc
-
SHA512
dc7f6cc51939a2b43c64dabdafa3e7de249ec0d6801325954619dee7f92e5ed74654f53f49ae2cac55f79429d29c6f39e7db4da59c3c9049b6bdfba8a10d6e94
-
SSDEEP
12288:8SjXmmsQnGHAax3wBHDHaaZbtVc1kTF2jNrgQ7EzG6sV:D7mmoHmHakrqY25rI
Static task
static1
Behavioral task
behavioral1
Sample
EX895576850790.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
EX895576850790.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.keresa.com.my - Port:
587 - Username:
[email protected] - Password:
Keresa123+- - Email To:
[email protected]
Targets
-
-
Target
EX895576850790.exe
-
Size
771KB
-
MD5
0bad4547541e72660bd3c12321e7d1e1
-
SHA1
0fd44ffc3a003dbaed7b8f1043da1a954346ac03
-
SHA256
67a03c34c684a2771205a064937b3d6ec088d751c46b6ca6f1b191c7143932cc
-
SHA512
dc7f6cc51939a2b43c64dabdafa3e7de249ec0d6801325954619dee7f92e5ed74654f53f49ae2cac55f79429d29c6f39e7db4da59c3c9049b6bdfba8a10d6e94
-
SSDEEP
12288:8SjXmmsQnGHAax3wBHDHaaZbtVc1kTF2jNrgQ7EzG6sV:D7mmoHmHakrqY25rI
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-