General
-
Target
SSM-1998.exe
-
Size
852KB
-
Sample
230731-hjmwqsda48
-
MD5
e7dd9499e3d6870e42828b4eeed3d81c
-
SHA1
0245bbf3c2e5169fbeaef1ae56f1e80a70360e75
-
SHA256
d00f8dee3e81decbb37ef2651c88d3ba46a959d5bfe1d71fc17afd8b4704b4bd
-
SHA512
983585d297f788eae4db092cbb56d79c8918cd5212f67d7a4b96b9db3eb08f19fc3e8744e7ac46ea7afc6f8723e9ff8dbe9abc762ef2528ca776b8a48119d205
-
SSDEEP
12288:5i4svoOVWtlmiObEWInEKB2zYiW50813Cjg:sBoOKmiOYWML4YiWiK3Cjg
Static task
static1
Behavioral task
behavioral1
Sample
SSM-1998.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
SSM-1998.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.labuanshipyard.com
Port: 587
Username: [email protected]
Password: Pass123!
Email To: [email protected]
Targets
-
-
Target
SSM-1998.exe
-
Score
10/10
-
Snake Keylogger payload
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-