General
- Target: 5c9e41c57fc02e8a6832d92888f838a455e_JC.exe
- Size: 475KB
- Sample: 230729-nz2ygsce28
- MD5: 4b0e0239866ec4fd0e2fa7b3a011b362
- SHA1: 12f9b4f54fc834a16cadf28fad91dda1a55dc9e1
- SHA256: 5c9e41c57fc02e8a6832d92888f838a455e75ce93c833f2b730376a11f0040e9
- SHA512: 88c1334a98bbce2201527e831970e2253090efc8c6812538ee954149f282945b73b98dfcb802da2da5e293274d948cd538e718bdeec3195b8289efdf7a1c10ff
- SSDEEP: 12288:oAiYeJvaSz0dUOGk3DK2OJcjm5Tf7lDeZ48ZHyk2YOb:d9eJvudNZOJkmLeu8lySO
Static task: static1
Behavioral task: behavioral1
  Sample: 5c9e41c57fc02e8a6832d92888f838a455e_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 5c9e41c57fc02e8a6832d92888f838a455e_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
- Protocol: smtp
- Host: mail.alshagran.com.sa
- Port: 587
- Username: [email protected]
- Password: InI%789987014
- Email To: [email protected]
Targets
- Target: 5c9e41c57fc02e8a6832d92888f838a455e_JC.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext