General
-
Target
TKSC2310596000.exe
-
Size
544KB
-
Sample
230804-fbnf7ahe75
-
MD5
c580578c2d1d9203d43537f6e71a7c99
-
SHA1
ccff8d607eef5159e44fa349fb8fa7e8560600ec
-
SHA256
c545399c898bb75310af8f052aafc91e44893ff82905d80f3b449321b6c61489
-
SHA512
0abc9c9b8ce4ce830542e5ee2ab0a93ccf10f13b273ff0791bed71330aba07d9fe9a90dbdde0896dfcf79f928431f2592e215ea4247b9c86142c07124050d44a
-
SSDEEP
12288:2+15YQvjOuVfIQ3e97weN2LhB0iXmVDW0MDhYm5:2+1XOuv3C92LL0iXm+hYm5
Static task
static1
Behavioral task
behavioral1
Sample
TKSC2310596000.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
TKSC2310596000.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alshagran.com.sa - Port:
587 - Username:
[email protected] - Password:
InI%789987014 - Email To:
[email protected]
Targets
-
-
Target
TKSC2310596000.exe
-
Size
544KB
-
MD5
c580578c2d1d9203d43537f6e71a7c99
-
SHA1
ccff8d607eef5159e44fa349fb8fa7e8560600ec
-
SHA256
c545399c898bb75310af8f052aafc91e44893ff82905d80f3b449321b6c61489
-
SHA512
0abc9c9b8ce4ce830542e5ee2ab0a93ccf10f13b273ff0791bed71330aba07d9fe9a90dbdde0896dfcf79f928431f2592e215ea4247b9c86142c07124050d44a
-
SSDEEP
12288:2+15YQvjOuVfIQ3e97weN2LhB0iXmVDW0MDhYm5:2+1XOuv3C92LL0iXm+hYm5
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-