General
-
Target
Sunfloww.exe
-
Size
458KB
-
Sample
231011-sspf2ahc99
-
MD5
9336e1b94359080686ac7d96212cd60c
-
SHA1
8cccdb6b4fbd9eee8ba4fe398c32da41f160b6f3
-
SHA256
0dd0c3082323a331ad2d5d36f5f7f3ac11826772077df7462da3229525d97862
-
SHA512
5a3ccf855581e51a188eee350928dbb56293ba345490b188207101f0ddb4162b5ca0eae12d0a65aedb6255be9e989c25d33d25a21a2d238b064892af24563ba1
-
SSDEEP
6144:Rk5+kbkZJ0aU7BfOp+1nRReEgNac8E9baVa0+f9g819Ri9WFYop10:Rk5Zki1pPOocCVax919RaW+w2
Static task
static1
Behavioral task
behavioral1
Sample
Sunfloww.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
Sunfloww.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.gulfparksuites.com - Port:
587 - Username:
[email protected] - Password:
Dammam2020
Targets
-
-
Target
Sunfloww.exe
-
Size
458KB
-
MD5
9336e1b94359080686ac7d96212cd60c
-
SHA1
8cccdb6b4fbd9eee8ba4fe398c32da41f160b6f3
-
SHA256
0dd0c3082323a331ad2d5d36f5f7f3ac11826772077df7462da3229525d97862
-
SHA512
5a3ccf855581e51a188eee350928dbb56293ba345490b188207101f0ddb4162b5ca0eae12d0a65aedb6255be9e989c25d33d25a21a2d238b064892af24563ba1
-
SSDEEP
6144:Rk5+kbkZJ0aU7BfOp+1nRReEgNac8E9baVa0+f9g819Ri9WFYop10:Rk5Zki1pPOocCVax919RaW+w2
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-