General
-
Target
196f562ae3cebed851f73043975d99dd.exe
-
Size
339KB
-
Sample
231002-swbz4sdg58
-
MD5
196f562ae3cebed851f73043975d99dd
-
SHA1
0808080c6d5ffddd265a93e3e4a562e80114ade8
-
SHA256
104abce62386d513f5fee5de90a86aae430c00bbfc6cd05f4cf183b058a4cdb5
-
SHA512
5268f09614b0653be57745afbe2fabf08f8e74d36b53ddf50b04cec6ea264d884e47e1fcfc37c3e4781c86166dbf6b6f7876cfbdac3472c10ad8ed92ec38536a
-
SSDEEP
6144:5rguHQQbURQH1xAipzE80jWS1YKydW89T9Zz+9A6W5g2NYY:5rguH/URQVxAipzI2i8t9ZyA6W5gW
Static task
static1
Behavioral task
behavioral1
Sample
196f562ae3cebed851f73043975d99dd.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
196f562ae3cebed851f73043975d99dd.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
system222222 - Email To:
[email protected]
Targets
-
-
Target
196f562ae3cebed851f73043975d99dd.exe
-
Size
339KB
-
MD5
196f562ae3cebed851f73043975d99dd
-
SHA1
0808080c6d5ffddd265a93e3e4a562e80114ade8
-
SHA256
104abce62386d513f5fee5de90a86aae430c00bbfc6cd05f4cf183b058a4cdb5
-
SHA512
5268f09614b0653be57745afbe2fabf08f8e74d36b53ddf50b04cec6ea264d884e47e1fcfc37c3e4781c86166dbf6b6f7876cfbdac3472c10ad8ed92ec38536a
-
SSDEEP
6144:5rguHQQbURQH1xAipzE80jWS1YKydW89T9Zz+9A6W5g2NYY:5rguH/URQVxAipzI2i8t9ZyA6W5gW
Score10/10-
Snake Keylogger payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-