General
-
Target
mkpub_AEAT - Aviso de Notificación.rar
-
Size
492KB
-
Sample
231003-qnfl8acg87
-
MD5
3850e0ce2b16792a73d7ff5e08d2ba45
-
SHA1
fa75b7dd1ec8930b7e30f7635b193d1bead4e4ee
-
SHA256
6db4ceaa8c74088c9b31943c343a1cd6abeebeb1fcbbf75aa7f56cec9b0e0abc
-
SHA512
ce5c3e0cd672bc0b48e28cab9e48dd796919514f34ae434f3610c82dff528594447dcc0c16001503b12c4faf65b6f1d06635e74226fc08ea010bd69ed397493c
-
SSDEEP
12288:Hqo3OlfILpg3sHpXkzWKKYa90ExwrdGc0mUp:HGFZ3s4WcqSjUp
Static task
static1
Behavioral task
behavioral1
Sample
AEAT - Aviso de Notificación.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
AEAT - Aviso de Notificación.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.setimetrasa.com
Port: 587
Username: [email protected]
Password: Seti2020
Email To: [email protected]
Targets
-
Target
AEAT - Aviso de Notificación.exe
-
Size
547KB
-
MD5
93cc7d700829839e827d5d9cc15c7c3c
-
SHA1
60dfe1c37fb20f6f186570a754584b3085b94886
-
SHA256
648c7e00e9f31a9e897405f0116680c8a170645178b88a6fa97db93a6ea84f14
-
SHA512
752cd42b4e96192cf75b06e398c384132ba221520da4dddb56dff19dcbd46d76732e883b452185c85dfc61bb0242beaef8ba9bd47cced78fa94b22876ac11cc3
-
SSDEEP
12288:PpmNumB0appp23UdL1xUpTpQEBR73JcGS2FfzDcHI4UXYk4Vl+fVQJKp:xty3D2kp1S/QilDl4/k2ktYi
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-