General
-
Target
AAD098656780.exe
-
Size
364KB
-
Sample
231009-f6kzjsaf6y
-
MD5
d42a5ffaa8adf709411fd8f90206f603
-
SHA1
e045a3ce2ea6415dec7b1e0280e4b5bd58ff70dc
-
SHA256
c671eea6e5c27b900aa96f1bea1f0dab359f175d149047adfa0e4aca83fac6f3
-
SHA512
eac6e5863f546caeaebceff1cf849b7a0c2068d4aa4a7399437a91588952bf79f29fab2400b524871b9dece0dcd986ef86db77b0a0a4d84ce88fdc118bf2d88d
-
SSDEEP
6144:j0nHBIKD2SJMzodRpUZNFvz6agXHW+RbQn18DDuY/NXOcwPFUPdk6ceh9X3P960G:UHfD2S+j56Jmub0aDuYlXOcwPS1k6ceN
Static task
static1
Behavioral task
behavioral1
Sample
AAD098656780.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
AAD098656780.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
posta.ni.net.tr - Port:
587 - Username:
[email protected] - Password:
nilya1957 - Email To:
[email protected]
Targets
-
-
Target
AAD098656780.exe
-
Size
364KB
-
MD5
d42a5ffaa8adf709411fd8f90206f603
-
SHA1
e045a3ce2ea6415dec7b1e0280e4b5bd58ff70dc
-
SHA256
c671eea6e5c27b900aa96f1bea1f0dab359f175d149047adfa0e4aca83fac6f3
-
SHA512
eac6e5863f546caeaebceff1cf849b7a0c2068d4aa4a7399437a91588952bf79f29fab2400b524871b9dece0dcd986ef86db77b0a0a4d84ce88fdc118bf2d88d
-
SSDEEP
6144:j0nHBIKD2SJMzodRpUZNFvz6agXHW+RbQn18DDuY/NXOcwPFUPdk6ceh9X3P960G:UHfD2S+j56Jmub0aDuYlXOcwPS1k6ceN
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-