General
-
Target
e140957366f6040c31704645bf11779a7d29ce1f5e83439d27eef95d7d0b021a_JC.exe
-
Size
564KB
-
Sample
231010-zrzc6scf89
-
MD5
f121da287c002c3151536083abf62938
-
SHA1
10121c54303bf0f0aaa02afba7ecabec45339096
-
SHA256
e140957366f6040c31704645bf11779a7d29ce1f5e83439d27eef95d7d0b021a
-
SHA512
cefecab1e697cd2609aa185cfae0a624fbea0691509487bb42ec4941123c61fa165efd6b5d09f0159a174c6b70bec48bb7fc212f0bb0c5600021575b84bc5cd8
-
SSDEEP
12288:C212iN4yiRJU/WcuoNt6E6FRCkQK0w7Q094jnez0VnB0:L19FeXor6E4CjLPC4ju
Static task
static1
Behavioral task
behavioral1
Sample
e140957366f6040c31704645bf11779a7d29ce1f5e83439d27eef95d7d0b021a_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
e140957366f6040c31704645bf11779a7d29ce1f5e83439d27eef95d7d0b021a_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.ccrsservices.com - Port:
587 - Username:
[email protected] - Password:
pcg359ys - Email To:
[email protected]
Targets
-
-
Target
e140957366f6040c31704645bf11779a7d29ce1f5e83439d27eef95d7d0b021a_JC.exe
-
Size
564KB
-
MD5
f121da287c002c3151536083abf62938
-
SHA1
10121c54303bf0f0aaa02afba7ecabec45339096
-
SHA256
e140957366f6040c31704645bf11779a7d29ce1f5e83439d27eef95d7d0b021a
-
SHA512
cefecab1e697cd2609aa185cfae0a624fbea0691509487bb42ec4941123c61fa165efd6b5d09f0159a174c6b70bec48bb7fc212f0bb0c5600021575b84bc5cd8
-
SSDEEP
12288:C212iN4yiRJU/WcuoNt6E6FRCkQK0w7Q094jnez0VnB0:L19FeXor6E4CjLPC4ju
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-