General
-
Target
SCH09876568009876-0900.pdf..z.zip
-
Size
590KB
-
Sample
231006-h6nfsahf8w
-
MD5
9964c6426dd7581f4e57cb2fc5af0ad1
-
SHA1
7787c2cb4fa86175858523c62ae78225e259994c
-
SHA256
56256709f596532c266b723b263c3db71bb4b88d8051ade4fc83fc793b5f341e
-
SHA512
3ae1a3920d6711859a8b5bc509ff9dad7c6ebe6afbd481add0872c91bdfd869c2c87afc21487d7514c1991ef3a0408121a1989d2edfa9d19d80de1e854116e5d
-
SSDEEP
12288:L4bFfk9j+gb+AG+Sw3hvHy8F1MqrwrSz8gjgQztHg7SASw34E7Msn:8ZfC6AUw3hvS8F1lgSAmgQ9gmTw34E7f
Static task
static1
Behavioral task
behavioral1
Sample
SCH09876568009876-0900.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
SCH09876568009876-0900.exe
Resource
win10v2004-20230915-en
Behavioral task
behavioral3
Sample
SCH09876568009876-098.exe
Resource
win7-20230831-en
Behavioral task
behavioral4
Sample
SCH09876568009876-098.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
posta.ni.net.tr - Port:
587 - Username:
[email protected] - Password:
nilya1957 - Email To:
[email protected]
Targets
-
-
Target
SCH09876568009876-0900.exe
-
Size
362KB
-
MD5
aa5a9b89face6a291cf9057d321bdbb9
-
SHA1
d32b056096e926d6ba6ed31acf144e31eee6aa0e
-
SHA256
3e6e127fca912f8729025ec259e391805ff42648fa75c34f9ccc6551cb7fba55
-
SHA512
21b1876cf85d48a7cc54df836dbc2266e48e57f9679f260159185d78770b93334f06e8def42729021ffb082d822acf6d3cdc7839c9be112df9f31ee6b765f169
-
SSDEEP
6144:r0nJBIKD2SJMz2dR8rZNlvzd4o6adHT3+lo2iUSe7Ye8i9Sw3Kc50RxTlSdk6ces:MJfD2S+nRd4CHCTi/hetSw3juPek6ce5
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
SCH09876568009876-098.exe
-
Size
356KB
-
MD5
a9d79ca8143f17ee3d17596b500676c2
-
SHA1
737af7ca98ab36041889940a3468f690549448be
-
SHA256
765daa6202872b486382897bb06f4e17522fc29173677ea38e6e3451c5fb5d3e
-
SHA512
f66cd53aa1d123b8ddf8e02e291d9cb08e43fed2d0b107be328799e55f33a4383b7715d50e6b89dbea0d08f9560232d579ee2f4ad4082d43645e2c7bc05f1c16
-
SSDEEP
6144:L0nJBIKD2SJMz2dR8rZNlvzB0CCadHT3+lo2iUSe7Ye8i9Sw3Kc50RxTlSdk6ce4:sJfD2S+nRBl/HCTi/hetSw3juPek6ceV
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-