General
- Target: e04d08769ebf74aadda9a5ccf0320a06.exe
- Size: 535KB
- Sample: 230722-j9ll2aae5w
- MD5: e04d08769ebf74aadda9a5ccf0320a06
- SHA1: 388d60db3e07b5da6ae83174f11fd3e8db0bc615
- SHA256: bb4db999018838a8f0945dd26c3b38081a75035764fa58b88ff4e189003e340c
- SHA512: 699fbf8f2a047a7622c8e30191145b99fe033404d3a4d0e17a7cdedc7e273b1185d8648e3dfb441f5c259c6916cacc1758574d2ead938d925643a6aa3082e0fe
- SSDEEP: 12288:Cmw47/vuhQeNsV/GORK2ZjAUgadhKSrkr81J8LLeni:LheNyWOA/aa+kLLQi
Static task
- static1
Behavioral task
- behavioral1
  - Sample: e04d08769ebf74aadda9a5ccf0320a06.exe
  - Resource: win7-20230712-en
Behavioral task
- behavioral2
  - Sample: e04d08769ebf74aadda9a5ccf0320a06.exe
  - Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: snakekeylogger
- Protocol: smtp
- Host: mail.acotur.com.ar
- Port: 587
- Username: [email protected]
- Password: bLeos!8ObM%A103
Targets
- Target: e04d08769ebf74aadda9a5ccf0320a06.exe
- Size: 535KB
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext