General
-
Target
BBVA.exe
-
Size
754KB
-
Sample
230722-j9ll2aaa63
-
MD5
234b4926590cedf9517347b6c8d02afc
-
SHA1
3de64f470833a28906cb1c03bb23dd844842831c
-
SHA256
05ea84c903e4eb75d9defe3cd550ef0ee979086ade208e9cf84f5d80530820ce
-
SHA512
f3e6473d23e2cb2a1c0347f92091296f0eae774758b84a8e53ecc9ec018c2f9f4f9295b52840be779544fbe2d448141b465ba84a0bf33a2bb318e95378d33659
-
SSDEEP
12288:SO7c7DBL+8KXXB+yji5ao4BEfWgr2h1vUGfjHGtqBgSOVxO5qN:SO7S1L+8mBbmf4pR11uYgSSy
Static task
static1
Behavioral task
behavioral1
Sample
BBVA.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
BBVA.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.qbangra.com
Port: 587
Username: [email protected]
Password: QBangra2020
Email To: [email protected]
Targets
-
-
Target
BBVA.exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-