General
-
Target
627dc37a4c486ebedd53d20f173b884014f2a662bb82afcfc105ecd10fe3aed5_JC.exe
-
Size
498KB
-
Sample
231012-a6w4xseb9v
-
MD5
fd729caac6bb713b2142079eda41f0c8
-
SHA1
718c64817292ccf60e5087293b1c3fef01df802b
-
SHA256
627dc37a4c486ebedd53d20f173b884014f2a662bb82afcfc105ecd10fe3aed5
-
SHA512
503b104dc57d43f425e312a22303c9e90de7340eb3928c23e16eb5879e42c857386c94303f3a018c92aafbaf18278338850f0e8844f3d5a41a5c42fff44f23ff
-
SSDEEP
6144:Xf4NOk8oV/BR1z/8XIZwmlq/0efN0Ktl7ck1XSOiMulCnnJjH5y09Wh1amMwhTHp:qq/DfNWk1zduim0Y+wTHVKoN
Static task
static1
Behavioral task
behavioral1
Sample
627dc37a4c486ebedd53d20f173b884014f2a662bb82afcfc105ecd10fe3aed5_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
627dc37a4c486ebedd53d20f173b884014f2a662bb82afcfc105ecd10fe3aed5_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.ksline.com.my - Port:
587 - Username:
[email protected] - Password:
ksline1410$$ - Email To:
[email protected]
Targets
-
-
Target
627dc37a4c486ebedd53d20f173b884014f2a662bb82afcfc105ecd10fe3aed5_JC.exe
-
Size
498KB
-
MD5
fd729caac6bb713b2142079eda41f0c8
-
SHA1
718c64817292ccf60e5087293b1c3fef01df802b
-
SHA256
627dc37a4c486ebedd53d20f173b884014f2a662bb82afcfc105ecd10fe3aed5
-
SHA512
503b104dc57d43f425e312a22303c9e90de7340eb3928c23e16eb5879e42c857386c94303f3a018c92aafbaf18278338850f0e8844f3d5a41a5c42fff44f23ff
-
SSDEEP
6144:Xf4NOk8oV/BR1z/8XIZwmlq/0efN0Ktl7ck1XSOiMulCnnJjH5y09Wh1amMwhTHp:qq/DfNWk1zduim0Y+wTHVKoN
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-