General
-
Target
d95620daeaadaeaf64a5524ce_JC.exe
-
Size
499KB
-
Sample
230729-plk89acf86
-
MD5
ffb0bf1556c28637409f9d150d70f0c8
-
SHA1
08a4890396140d0f9d5f0acdf171d11997422d10
-
SHA256
d95620daeaadaeaf64a5524ce23f6a73d286f9d5ece92f094c5ca081cbd219db
-
SHA512
d9143850fc6637c4e52e7ff0bbaa580da5fb855fa1848314794fa92c56386c688796a5c052d90492993e0b8e99f3400b81725941e31c7d87dfd34898aad184a0
-
SSDEEP
6144:U9U5jOW8utKw9PCQTpbdOIShLe7OEehuozcO8BnYN1iQ3X0ajAvy8CNwTEcygz:vjOWTDTNbdO9N2n+zc9BnYN19XWvy8C
Static task
static1
Behavioral task
behavioral1
Sample
d95620daeaadaeaf64a5524ce_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
d95620daeaadaeaf64a5524ce_JC.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
webmail.satnet.net - Port:
587 - Username:
[email protected] - Password:
reve1563
Targets
-
-
Target
d95620daeaadaeaf64a5524ce_JC.exe
-
Size
499KB
-
MD5
ffb0bf1556c28637409f9d150d70f0c8
-
SHA1
08a4890396140d0f9d5f0acdf171d11997422d10
-
SHA256
d95620daeaadaeaf64a5524ce23f6a73d286f9d5ece92f094c5ca081cbd219db
-
SHA512
d9143850fc6637c4e52e7ff0bbaa580da5fb855fa1848314794fa92c56386c688796a5c052d90492993e0b8e99f3400b81725941e31c7d87dfd34898aad184a0
-
SSDEEP
6144:U9U5jOW8utKw9PCQTpbdOIShLe7OEehuozcO8BnYN1iQ3X0ajAvy8CNwTEcygz:vjOWTDTNbdO9N2n+zc9BnYN19XWvy8C
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-