General
-
Target
a18531a70b1cb63cc6aafae0220109c9.exe
-
Size
420KB
-
Sample
230801-mr8wdsfc49
-
MD5
a18531a70b1cb63cc6aafae0220109c9
-
SHA1
55d23deadcf9dd35419e317e6dbef569d7d761e1
-
SHA256
4ea05268962825997751d50f975c217ee9e5cde265fefa4a5335ef2f39730852
-
SHA512
e1f64379270dad155548389dfa8eb569882143a8704af309ecce434cd339b95c8161e04fb0ec030fececacc63d408643c65f8648e215f9310822e112c1708296
-
SSDEEP
12288:D6A/Q6KbxBgxBi36bXQPiTbdrdR6DCpCr:D6sQ62426
Static task
static1
Behavioral task
behavioral1
Sample
a18531a70b1cb63cc6aafae0220109c9.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
a18531a70b1cb63cc6aafae0220109c9.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
cmail2.webkontrol.doruk.net.tr - Port:
587 - Username:
[email protected] - Password:
mentor2014 - Email To:
[email protected]
Targets
-
-
Target
a18531a70b1cb63cc6aafae0220109c9.exe
-
Size
420KB
-
MD5
a18531a70b1cb63cc6aafae0220109c9
-
SHA1
55d23deadcf9dd35419e317e6dbef569d7d761e1
-
SHA256
4ea05268962825997751d50f975c217ee9e5cde265fefa4a5335ef2f39730852
-
SHA512
e1f64379270dad155548389dfa8eb569882143a8704af309ecce434cd339b95c8161e04fb0ec030fececacc63d408643c65f8648e215f9310822e112c1708296
-
SSDEEP
12288:D6A/Q6KbxBgxBi36bXQPiTbdrdR6DCpCr:D6sQ62426
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-