General
Target: d3bf86cd1382c566e22d9429972daf32e0ced27207578ec6e5d99ddca5bbecf2_JC.exe
Size: 355KB
Sample: 231003-sg741aec98
MD5: 101a8f7c66a19b42e692b4bc60b9a2db
SHA1: ddecf26c53255a593d1c9ed06a862b79eabbe088
SHA256: d3bf86cd1382c566e22d9429972daf32e0ced27207578ec6e5d99ddca5bbecf2
SHA512: 096ef5df41554e8085c49feadd8328587f32c81542f3f565397b5c84f4b2de038de0ce47bb3bd16e27c8e18dad5916736d93e82f0de07353bf4d06c99b22782f
SSDEEP: 6144:BrXBIKD2SJMzodRpUZNFvz0SaArsvXmVQU5LRMfhX8dk6ceh9X3P9:hfD2S+j5cyRM5ak6ceX
Static task: static1
Behavioral task: behavioral1
  Sample: d3bf86cd1382c566e22d9429972daf32e0ced27207578ec6e5d99ddca5bbecf2_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: d3bf86cd1382c566e22d9429972daf32e0ced27207578ec6e5d99ddca5bbecf2_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.sienkakupeste.com
Port: 587
Username: [email protected]
Password: 010203sienka++
Email To: [email protected]
Targets
Target: d3bf86cd1382c566e22d9429972daf32e0ced27207578ec6e5d99ddca5bbecf2_JC.exe
Size: 355KB
MD5: 101a8f7c66a19b42e692b4bc60b9a2db
SHA1: ddecf26c53255a593d1c9ed06a862b79eabbe088
SHA256: d3bf86cd1382c566e22d9429972daf32e0ced27207578ec6e5d99ddca5bbecf2
SHA512: 096ef5df41554e8085c49feadd8328587f32c81542f3f565397b5c84f4b2de038de0ce47bb3bd16e27c8e18dad5916736d93e82f0de07353bf4d06c99b22782f
SSDEEP: 6144:BrXBIKD2SJMzodRpUZNFvz0SaArsvXmVQU5LRMfhX8dk6ceh9X3P9:hfD2S+j5cyRM5ak6ceX
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext