General
Target: 393aed486a97ea1b9bbfc044d6ce06cc01cf663fd2f49d1e47e2a8b01e008fe2
Size: 511KB
Sample: 231011-dbsd2acb43
MD5: c789c69457f884e168da807b7772aba5
SHA1: 6fbaf15ec67c7fe9183c662911ae3a6e61c4e016
SHA256: 393aed486a97ea1b9bbfc044d6ce06cc01cf663fd2f49d1e47e2a8b01e008fe2
SHA512: f72f32de71246397f7040162212ab3223099b6dfb4d3764084f175ee42d2f774a756c4c0b4a9fe68b4baee6640062c06c4da5cdb3f7701b794efb4ff08ea1fcc
SSDEEP: 12288:hgqARI9CjibXIPtElddSWDMBzNNevPlNixzEGCOObk34:hZARIQPtE7dIBzNNevdNWwGCOO4o
Static task
static1

Behavioral task
behavioral1
Sample: Request for Quotation -E23101031.exe
Resource: win7-20230831-en

Behavioral task
behavioral2
Sample: Request for Quotation -E23101031.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.ksline.com.my
Port: 587
Username: [email protected]
Password: ksline1410$$
Email To: [email protected]
Targets
Target: Request for Quotation -E23101031.exe
Size: 586KB
MD5: 3c37e9c7692acfbcd640098bf27b96e7
SHA1: 45351a864e8fc5bb40c0ded7f6cae5bb2c756d44
SHA256: f4126cc3a40b984f3b96ff7c372a7d97060d55c7394ea3f7fc9fae5f9ccb2554
SHA512: 704372aab2f61facb3fa00d3f503070987bf1d25a6db6aa64e434efe2da02c5757e697044276679d7175ac18ca78b5d0ecb40171724108e7d415f592383910ba
SSDEEP: 12288:Q5YX9KrQnZEtGI0IWwtIspPgX/SSONPMDn5yX6CPnDZ:pt5EQ7IrIMZSONED5yXvD
Score: 10/10

- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext