General
-
Target
f9dc0ae354f8db63f7cf68e7bc5139a7e9f24dc16c333206269c45f7e3c4e2a9_JC.exe
-
Size
587KB
-
Sample
231013-cf8q5sca87
-
MD5
80fcd9ed15de00c8b2741fb9f23194fb
-
SHA1
d9d6055ec575d3feacdea68f8f802594fa15b062
-
SHA256
f9dc0ae354f8db63f7cf68e7bc5139a7e9f24dc16c333206269c45f7e3c4e2a9
-
SHA512
a2bccbe3c11ca2d61e164078933da927f7b604baf997fdc3e25087e193de0cdc05369cc3a6e70e87ec3c410005151e0ae25d352f1595cb01d60f35730f5c0f1b
-
SSDEEP
12288:LODphClGCx5AisTCgti4srpKC8t35dxC:LXgti4Gh8l5dxC
Static task
static1
Behavioral task
behavioral1
Sample
f9dc0ae354f8db63f7cf68e7bc5139a7e9f24dc16c333206269c45f7e3c4e2a9_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
f9dc0ae354f8db63f7cf68e7bc5139a7e9f24dc16c333206269c45f7e3c4e2a9_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.1tcl.com - Port:
25 - Username:
[email protected] - Password:
RRa*ysS8
Targets
-
-
Target
f9dc0ae354f8db63f7cf68e7bc5139a7e9f24dc16c333206269c45f7e3c4e2a9_JC.exe
-
Size
587KB
-
MD5
80fcd9ed15de00c8b2741fb9f23194fb
-
SHA1
d9d6055ec575d3feacdea68f8f802594fa15b062
-
SHA256
f9dc0ae354f8db63f7cf68e7bc5139a7e9f24dc16c333206269c45f7e3c4e2a9
-
SHA512
a2bccbe3c11ca2d61e164078933da927f7b604baf997fdc3e25087e193de0cdc05369cc3a6e70e87ec3c410005151e0ae25d352f1595cb01d60f35730f5c0f1b
-
SSDEEP
12288:LODphClGCx5AisTCgti4srpKC8t35dxC:LXgti4Gh8l5dxC
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-