General
-
Target
bb2040e262a906cdd553a14bfdf69c83.exe
-
Size
126KB
-
Sample
231002-sycdnacb7s
-
MD5
bb2040e262a906cdd553a14bfdf69c83
-
SHA1
8be60fa020cea2dd37ae876e9e6e0b571e04fd50
-
SHA256
b82e41ff47a84abf4995b74382c70bbe8190f19173a4f8d6006f8cb952f68c97
-
SHA512
2b91adc5c134d4e32e3a95bacda1da59c1aaea05842e02c4bd9526c5cc1193094bca657423a8b926108021f2aa03e321379c39280bf80633b15788f722e3d5eb
-
SSDEEP
3072:7ALhE1U1mv5C425pqikR3b7t+jfwBlTx1gbY:JchEJ5bwUxWb
Behavioral task
behavioral1
Sample
bb2040e262a906cdd553a14bfdf69c83.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
bb2040e262a906cdd553a14bfdf69c83.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: ftp- Host:
ftp://ftp.royalcheckout.store/ - Port:
21 - Username:
[email protected] - Password:
575K5(MaZro2575K5(MaZro2
Extracted
Protocol: ftp- Host:
ftp.royalcheckout.store - Port:
21 - Username:
[email protected] - Password:
575K5(MaZro2575K5(MaZro2
Targets
-
-
Target
bb2040e262a906cdd553a14bfdf69c83.exe
-
Size
126KB
-
MD5
bb2040e262a906cdd553a14bfdf69c83
-
SHA1
8be60fa020cea2dd37ae876e9e6e0b571e04fd50
-
SHA256
b82e41ff47a84abf4995b74382c70bbe8190f19173a4f8d6006f8cb952f68c97
-
SHA512
2b91adc5c134d4e32e3a95bacda1da59c1aaea05842e02c4bd9526c5cc1193094bca657423a8b926108021f2aa03e321379c39280bf80633b15788f722e3d5eb
-
SSDEEP
3072:7ALhE1U1mv5C425pqikR3b7t+jfwBlTx1gbY:JchEJ5bwUxWb
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-