General
-
Target
5fa9f7e6d31ba4ba152a524a9834b4eaeb32a88e1bb48ed0e86b5d65b903ed14_JC.rar
-
Size
120KB
-
Sample
231004-whqswsfe99
-
MD5
bbe4ed27d95620b9cc5ccd8ff22c23ee
-
SHA1
1b547abf053a03dee69aa0ca7dd8e28dd2fd6427
-
SHA256
5fa9f7e6d31ba4ba152a524a9834b4eaeb32a88e1bb48ed0e86b5d65b903ed14
-
SHA512
d31bfe574e27cee0c1269758a5ce3c8cd9a237a3e0144295bd255055b33eb1de07536fcc80b49c11784b6ebac70a34d464caf13a876a8a7d36ebde1db7ad9c18
-
SSDEEP
3072:Dkn70nDxqiwAYavcar0Ub3TKvZMy2RX9cE:Dk72Dxtwovc4D6uyWiE
Static task
static1
Behavioral task
behavioral1
Sample
VSL Q88.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
VSL Q88.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.biglifshipping.com - Port:
587 - Username:
[email protected] - Password:
6[p8H(X_rbxr8&*k
Targets
-
-
Target
VSL Q88.exe
-
Size
315KB
-
MD5
6be8e9398d30635fbca93732150a7840
-
SHA1
39c5164b57efa461a0ddfe1d262344a183a2287c
-
SHA256
9858672b7c7fa3f8b4ef2ed4b8ab8686f1edfdc46a382ae6296051ac3b2742c3
-
SHA512
91497507077c4e9f63a95f94221423968ce015878fdee0cd457ad45474171336d2f4a8b86679a8dd3542fa0f78658e67be6854d261e909e987dde7febaefbe36
-
SSDEEP
6144:pl8AdaxZli+Ua0z4my8PJ4+YcNM2IqEHTd51KSK:4AdahfUlz4mBPJ4gI1zd5kS
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-