General
-
Target
revised_invoice.exe
-
Size
828KB
-
Sample
230803-s5xceadh99
-
MD5
aba5cc62cc5479e1f5f5c733d750520a
-
SHA1
02670702f7c840e382edabab7933b5079112b2fe
-
SHA256
f6bdba555d1356168f7f1581949ab5ca8d6b20e9a6495e0cfcef8d3b129638a0
-
SHA512
2e17f86ff811d65d42a16424f439fb6cf236bd5785eb282830242755a081ef9bdefec051aeb5e853d2e326c36cccb0f97178269b562a736b17f10436280edcb5
-
SSDEEP
12288:QEKaJFds+DAOBwjoe1qtWiRW95ZZUiGTrj4z1/c7:5dYjoeYWJdZvd/O
Static task
static1
Behavioral task
behavioral1
Sample
revised_invoice.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
revised_invoice.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.qbangra.com - Port:
587 - Username:
[email protected] - Password:
QBangra2020 - Email To:
[email protected]
Targets
-
-
Target
revised_invoice.exe
-
Size
828KB
-
MD5
aba5cc62cc5479e1f5f5c733d750520a
-
SHA1
02670702f7c840e382edabab7933b5079112b2fe
-
SHA256
f6bdba555d1356168f7f1581949ab5ca8d6b20e9a6495e0cfcef8d3b129638a0
-
SHA512
2e17f86ff811d65d42a16424f439fb6cf236bd5785eb282830242755a081ef9bdefec051aeb5e853d2e326c36cccb0f97178269b562a736b17f10436280edcb5
-
SSDEEP
12288:QEKaJFds+DAOBwjoe1qtWiRW95ZZUiGTrj4z1/c7:5dYjoeYWJdZvd/O
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-