General
-
Target
Request for Quotation -E23101031.exe
-
Size
586KB
-
Sample
231011-ltcqaseg7s
-
MD5
3c37e9c7692acfbcd640098bf27b96e7
-
SHA1
45351a864e8fc5bb40c0ded7f6cae5bb2c756d44
-
SHA256
f4126cc3a40b984f3b96ff7c372a7d97060d55c7394ea3f7fc9fae5f9ccb2554
-
SHA512
704372aab2f61facb3fa00d3f503070987bf1d25a6db6aa64e434efe2da02c5757e697044276679d7175ac18ca78b5d0ecb40171724108e7d415f592383910ba
-
SSDEEP
12288:Q5YX9KrQnZEtGI0IWwtIspPgX/SSONPMDn5yX6CPnDZ:pt5EQ7IrIMZSONED5yXvD
Static task
static1
Behavioral task
behavioral1
Sample
Request for Quotation -E23101031.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Request for Quotation -E23101031.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.ksline.com.my
Port: 587
Username: [email protected]
Password: ksline1410$$
Email To: [email protected]
Targets
-
-
Target
Request for Quotation -E23101031.exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-