General
-
Target
ZIx_AOnzGp6JdAXwEWaAyKFwZFF4uIpvqX25Om6oTxQ.bin
-
Size
547KB
-
Sample
231002-m4h6hahd2y
-
MD5
93cc7d700829839e827d5d9cc15c7c3c
-
SHA1
60dfe1c37fb20f6f186570a754584b3085b94886
-
SHA256
648c7e00e9f31a9e897405f0116680c8a170645178b88a6fa97db93a6ea84f14
-
SHA512
752cd42b4e96192cf75b06e398c384132ba221520da4dddb56dff19dcbd46d76732e883b452185c85dfc61bb0242beaef8ba9bd47cced78fa94b22876ac11cc3
-
SSDEEP
12288:PpmNumB0appp23UdL1xUpTpQEBR73JcGS2FfzDcHI4UXYk4Vl+fVQJKp:xty3D2kp1S/QilDl4/k2ktYi
Static task
static1
Behavioral task
behavioral1
Sample
ZIx_AOnzGp6JdAXwEWaAyKFwZFF4uIpvqX25Om6oTxQ.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
ZIx_AOnzGp6JdAXwEWaAyKFwZFF4uIpvqX25Om6oTxQ.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.setimetrasa.com
Port: 587
Username: [email protected]
Password: Seti2020
Email To: [email protected]
Targets
-
Target
ZIx_AOnzGp6JdAXwEWaAyKFwZFF4uIpvqX25Om6oTxQ.bin
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
Reads stored Outlook account settings, consistent with mail credential harvesting.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Rewriting the context of a thread in another process is the characteristic step of process hollowing and similar code injection.
-
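As an added example (not part of this sandbox report or its detection engine), the following Python correlates the behaviours listed above, plus the SMTP exfiltration channel from the extracted config, over constructed EDR-style JSON telemetry. The event schema, the registry paths used for the location and Outlook profile checks, the IP-lookup host list and the mail-client allow list are assumptions; only the SMTP host and port come from the report.

```python
"""Correlate Snake Keylogger-style behaviours per process.

Example code added to this report, not the sandbox's own logic.
The telemetry below is constructed for the example (assumed schema:
one JSON object per line with pid, image, type and type-specific fields).
"""
import json
import re
from collections import defaultdict

# Assumption: the "location" check reads Geo\Nation under Control Panel\International;
# the report only says "country code configured in the registry".
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Assumption: Outlook account data is read from the Outlook\Profiles registry tree.
OUTLOOK_PROFILE_RE = re.compile(r"\\Outlook\\Profiles\\", re.I)
# Assumed list of public IP-lookup services; the report names none explicitly.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}
# SMTP/submission ports; 587 is the port in the extracted config.
SMTP_PORTS = {25, 465, 587}
# Processes for which outbound SMTP and Outlook profile access are expected (assumed).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def image_name(path):
    """Lower-case basename of an image path, e.g. 'outlook.exe'."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Map one telemetry event to a behaviour label, or None if benign/unknown."""
    proc = image_name(ev["image"])
    kind = ev["type"]
    if kind == "reg_query":
        if GEO_KEY_RE.search(ev["key"]):
            return "checks_location"
        if OUTLOOK_PROFILE_RE.search(ev["key"]) and proc not in MAIL_CLIENTS:
            return "reads_outlook_profiles"
    elif kind == "dns_query" and ev["query"].lower() in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    elif kind == "net_connect":
        if ev["dst_port"] in SMTP_PORTS and proc not in MAIL_CLIENTS:
            return "smtp_from_non_mail_client"
    elif kind == "api_call" and ev["api"] == "SetThreadContext":
        # Hollowing rewrites a thread in a *different* (suspended child) process.
        if ev.get("target_pid") != ev["pid"]:
            return "set_thread_context_on_other_process"
    return None


def correlate(events):
    """Return {pid: (image, sorted behaviour labels)} for processes with any hit."""
    hits = defaultdict(set)
    images = {}
    for ev in events:
        images[ev["pid"]] = ev["image"]
        label = classify(ev)
        if label:
            hits[ev["pid"]].add(label)
    return {pid: (images[pid], sorted(labels)) for pid, labels in hits.items()}


def flagged(events, threshold=3):
    """PIDs showing at least `threshold` distinct keylogger-style behaviours."""
    return sorted(pid for pid, (_, b) in correlate(events).items() if len(b) >= threshold)


def parse_log(text):
    """Parse newline-delimited JSON events (blank lines ignored)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed telemetry: one malicious process (4120), a real mail client (2200)
# and an unrelated process that merely reads the locale key (1544).
SAMPLE_LOG = r"""
{"pid": 4120, "image": "C:\\Users\\victim\\AppData\\Roaming\\ZIx_AOnzGp6JdAXwEWaAyKFwZFF4uIpvqX25Om6oTxQ.exe", "type": "reg_query", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 4120, "image": "C:\\Users\\victim\\AppData\\Roaming\\ZIx_AOnzGp6JdAXwEWaAyKFwZFF4uIpvqX25Om6oTxQ.exe", "type": "dns_query", "query": "checkip.dyndns.org"}
{"pid": 4120, "image": "C:\\Users\\victim\\AppData\\Roaming\\ZIx_AOnzGp6JdAXwEWaAyKFwZFF4uIpvqX25Om6oTxQ.exe", "type": "reg_query", "key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"}
{"pid": 4120, "image": "C:\\Users\\victim\\AppData\\Roaming\\ZIx_AOnzGp6JdAXwEWaAyKFwZFF4uIpvqX25Om6oTxQ.exe", "type": "net_connect", "dst_host": "mail.setimetrasa.com", "dst_port": 587}
{"pid": 4120, "image": "C:\\Users\\victim\\AppData\\Roaming\\ZIx_AOnzGp6JdAXwEWaAyKFwZFF4uIpvqX25Om6oTxQ.exe", "type": "api_call", "api": "SetThreadContext", "target_pid": 4388}
{"pid": 2200, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "type": "net_connect", "dst_host": "smtp.office365.com", "dst_port": 587}
{"pid": 2200, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "type": "reg_query", "key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"}
{"pid": 1544, "image": "C:\\Windows\\explorer.exe", "type": "reg_query", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"}
"""

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for pid, (image, labels) in correlate(evs).items():
        print(pid, image_name(image), labels)
    print("flagged:", flagged(evs))
```

The threshold matters more than any single rule: a locale read or a one-off SMTP connection is common on its own, but a non-mail process that also queries an IP-lookup service and touches Outlook profile keys is a much stronger signal, and adding the cross-process SetThreadContext call ties the injected payload back to its parent.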