General
Target: PO UAPO00060923.exe
Size: 586KB
Sample: 231011-x5hw8sad67
MD5: 63eac08a3dc1ce9b6ae7ba733a73422e
SHA1: 8cff5e582cf74c799ba4dcde9b8c65d601735446
SHA256: 83c7cc2ec5eed8e246ebcffdf849c712f9c6a624e4b8852dbee04d9afefa49ce
SHA512: 628e926d29844ecd3762fab33d36d65a406930d12d322b8cf009ce7519b0237cb3f9ef1fd185e5d1e2c3c822bb77f7fca771c7336eb55374b7afd215d21b0353
SSDEEP: 12288:EQYX9KUwy1VJyOsHJa1V2JZJbhrz8LWo4Vbjhpm:ot+AVkOkk1yDWW1vhw
Static task: static1
Behavioral task: behavioral1
Sample: PO UAPO00060923.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: PO UAPO00060923.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.hostedemail.com
Port: 587
Username: [email protected]
Password: A@thirst@ACC
Email To: [email protected]
Targets
Target: PO UAPO00060923.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext