General
-
Target
DHL AWB 5016240033.exe
-
Size
486KB
-
Sample
230803-s5w2msdh98
-
MD5
82c115af7f8d3ccac858d2665d546f7e
-
SHA1
87ba605097a8718208d98c7728e790fa3df2b98f
-
SHA256
62be48d55ce8452ccc11ebafef61b9229995eb863b4da994f5db249227f2045e
-
SHA512
f75e495f864fc1fdc574ad6b5b5e90a9cd8119caa15b8cbbb8047f4619cd2cc0282cd11c0ecbb73d64744f643001f2a02fe5b942550c4ab9584b4db22d3704bc
-
SSDEEP
12288:aq2Vp/eb830mMBGvvNrXg2lElnO4PzuwYy:b2Vl2ObJ3NrQzB
Static task
static1
Behavioral task
behavioral1
Sample
DHL AWB 5016240033.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
DHL AWB 5016240033.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alshagran.com.sa - Port:
587 - Username:
[email protected] - Password:
InI%789987014 - Email To:
[email protected]
Targets
-
-
Target
DHL AWB 5016240033.exe
-
Size
486KB
-
MD5
82c115af7f8d3ccac858d2665d546f7e
-
SHA1
87ba605097a8718208d98c7728e790fa3df2b98f
-
SHA256
62be48d55ce8452ccc11ebafef61b9229995eb863b4da994f5db249227f2045e
-
SHA512
f75e495f864fc1fdc574ad6b5b5e90a9cd8119caa15b8cbbb8047f4619cd2cc0282cd11c0ecbb73d64744f643001f2a02fe5b942550c4ab9584b4db22d3704bc
-
SSDEEP
12288:aq2Vp/eb830mMBGvvNrXg2lElnO4PzuwYy:b2Vl2ObJ3NrQzB
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-