General
-
Target
VSL Q88.exe
-
Size
315KB
-
Sample
231003-kxla6she8s
-
MD5
6be8e9398d30635fbca93732150a7840
-
SHA1
39c5164b57efa461a0ddfe1d262344a183a2287c
-
SHA256
9858672b7c7fa3f8b4ef2ed4b8ab8686f1edfdc46a382ae6296051ac3b2742c3
-
SHA512
91497507077c4e9f63a95f94221423968ce015878fdee0cd457ad45474171336d2f4a8b86679a8dd3542fa0f78658e67be6854d261e909e987dde7febaefbe36
-
SSDEEP
6144:pl8AdaxZli+Ua0z4my8PJ4+YcNM2IqEHTd51KSK:4AdahfUlz4mBPJ4gI1zd5kS
Static task
static1
Behavioral task
behavioral1
Sample
VSL Q88.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
VSL Q88.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.biglifshipping.com - Port:
587 - Username:
[email protected] - Password:
6[p8H(X_rbxr8&*k
Targets
-
-
Target
VSL Q88.exe
-
Size
315KB
-
MD5
6be8e9398d30635fbca93732150a7840
-
SHA1
39c5164b57efa461a0ddfe1d262344a183a2287c
-
SHA256
9858672b7c7fa3f8b4ef2ed4b8ab8686f1edfdc46a382ae6296051ac3b2742c3
-
SHA512
91497507077c4e9f63a95f94221423968ce015878fdee0cd457ad45474171336d2f4a8b86679a8dd3542fa0f78658e67be6854d261e909e987dde7febaefbe36
-
SSDEEP
6144:pl8AdaxZli+Ua0z4my8PJ4+YcNM2IqEHTd51KSK:4AdahfUlz4mBPJ4gI1zd5kS
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-