General
-
Target
NEAS.SCH09876568009876098exe_JC.exe
-
Size
356KB
-
Sample
231006-slznesfg26
-
MD5
a9d79ca8143f17ee3d17596b500676c2
-
SHA1
737af7ca98ab36041889940a3468f690549448be
-
SHA256
765daa6202872b486382897bb06f4e17522fc29173677ea38e6e3451c5fb5d3e
-
SHA512
f66cd53aa1d123b8ddf8e02e291d9cb08e43fed2d0b107be328799e55f33a4383b7715d50e6b89dbea0d08f9560232d579ee2f4ad4082d43645e2c7bc05f1c16
-
SSDEEP
6144:L0nJBIKD2SJMz2dR8rZNlvzB0CCadHT3+lo2iUSe7Ye8i9Sw3Kc50RxTlSdk6ce4:sJfD2S+nRBl/HCTi/hetSw3juPek6ceV
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.SCH09876568009876098exe_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.SCH09876568009876098exe_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
posta.ni.net.tr - Port:
587 - Username:
[email protected] - Password:
nilya1957 - Email To:
[email protected]
Targets
-
-
Target
NEAS.SCH09876568009876098exe_JC.exe
-
Size
356KB
-
MD5
a9d79ca8143f17ee3d17596b500676c2
-
SHA1
737af7ca98ab36041889940a3468f690549448be
-
SHA256
765daa6202872b486382897bb06f4e17522fc29173677ea38e6e3451c5fb5d3e
-
SHA512
f66cd53aa1d123b8ddf8e02e291d9cb08e43fed2d0b107be328799e55f33a4383b7715d50e6b89dbea0d08f9560232d579ee2f4ad4082d43645e2c7bc05f1c16
-
SSDEEP
6144:L0nJBIKD2SJMz2dR8rZNlvzB0CCadHT3+lo2iUSe7Ye8i9Sw3Kc50RxTlSdk6ce4:sJfD2S+nRBl/HCTi/hetSw3juPek6ceV
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-