General
Target: 80c0c7648149fdb4b41f5abc6316de36da5_JC.exe
Size: 590KB
Sample: 230729-n44ymsce72
MD5: 599dbb42835f2c2389a3ac00625c6d2d
SHA1: 18681d0de8bfc3787e3d5d4d90e7813936f6cead
SHA256: 80c0c7648149fdb4b41f5abc6316de36da5c3133676d4c9d68e783ba70cb46c0
SHA512: 681cfe0817443bbfc36f7038e5a523c8cf67207d5093a5c08ee759dd57333f489c5115b83b1d42912a6cbc7d453a55fe494812bce462cf60805542b08372d2c5
SSDEEP: 12288:vbO5VXjsqBLDJ3vUiXsYahj7uGZhdMT4PLrGbO5:zODzRL1ds5zZDmGLrgO
Static task: static1
Behavioral task: behavioral1
  Sample: 80c0c7648149fdb4b41f5abc6316de36da5_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 80c0c7648149fdb4b41f5abc6316de36da5_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.kovarviajes.com
Port: 587
Username: [email protected]
Password: P4tt1kr
Targets
Target: 80c0c7648149fdb4b41f5abc6316de36da5_JC.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext