General
-
Target
d8a5317c8c4e740557a01574cfebf71f.exe
-
Size
753KB
-
Sample
230805-lwmnaacf71
-
MD5
d8a5317c8c4e740557a01574cfebf71f
-
SHA1
129fe4f6b63412c22f728d7fec1da8cb69c9e0a5
-
SHA256
c92819a5b69535e455893801e3ceabc29f5659a213ff93d4891b36c8af740059
-
SHA512
4e52469c027f9a8a70cae3565bc7868b720c9249ba022db5eb4f636bb770e905e78c758792bae3174f499eb1b9ba09f359b0fa54fab811db0fa05cdd8a781916
-
SSDEEP
12288:FfNMRf0t5/T4U0T2yhANAv3g5uFDztzT90QQpO:FfyRc3bQ22A2vjtzTiXg
Static task
static1
Behavioral task
behavioral1
Sample
d8a5317c8c4e740557a01574cfebf71f.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
d8a5317c8c4e740557a01574cfebf71f.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.qbangra.com - Port:
587 - Username:
[email protected] - Password:
QBangra2020 - Email To:
[email protected]
Targets
-
-
Target
d8a5317c8c4e740557a01574cfebf71f.exe
-
Size
753KB
-
MD5
d8a5317c8c4e740557a01574cfebf71f
-
SHA1
129fe4f6b63412c22f728d7fec1da8cb69c9e0a5
-
SHA256
c92819a5b69535e455893801e3ceabc29f5659a213ff93d4891b36c8af740059
-
SHA512
4e52469c027f9a8a70cae3565bc7868b720c9249ba022db5eb4f636bb770e905e78c758792bae3174f499eb1b9ba09f359b0fa54fab811db0fa05cdd8a781916
-
SSDEEP
12288:FfNMRf0t5/T4U0T2yhANAv3g5uFDztzT90QQpO:FfyRc3bQ22A2vjtzTiXg
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-