General
-
Target
2ee45a8f29a2a9650ecf303ba28ddf87.exe
-
Size
523KB
-
Sample
231013-d18sbace8w
-
MD5
2ee45a8f29a2a9650ecf303ba28ddf87
-
SHA1
36fc7927deda663b5dea936f952e047a28ce1ed5
-
SHA256
07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a
-
SHA512
3be0aec6f0e7a13c69a81760ae1aaec7990416071087a4799f11ec9852ba475d80e6b5481b7f45f9f444747cec13160a5c015f2e6fb4dde0f79a8ad94333c046
-
SSDEEP
12288:QjVtZ5/eTpd/upd/E2PKhk246c4MrgrMU0OViUYQF2xRTSns:QjTZ5GsPKWTQMQViUY1Xss
Static task
static1
Behavioral task
behavioral1
Sample
2ee45a8f29a2a9650ecf303ba28ddf87.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
2ee45a8f29a2a9650ecf303ba28ddf87.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.flexist.com.tr - Port:
587 - Username:
[email protected] - Password:
Merhaba2023. - Email To:
[email protected]
Targets
-
-
Target
2ee45a8f29a2a9650ecf303ba28ddf87.exe
-
Size
523KB
-
MD5
2ee45a8f29a2a9650ecf303ba28ddf87
-
SHA1
36fc7927deda663b5dea936f952e047a28ce1ed5
-
SHA256
07656dde7e964ab7e49378a310d439f5c3201528ec707e0b1a138d5c61b8d63a
-
SHA512
3be0aec6f0e7a13c69a81760ae1aaec7990416071087a4799f11ec9852ba475d80e6b5481b7f45f9f444747cec13160a5c015f2e6fb4dde0f79a8ad94333c046
-
SSDEEP
12288:QjVtZ5/eTpd/upd/E2PKhk246c4MrgrMU0OViUYQF2xRTSns:QjTZ5GsPKWTQMQViUY1Xss
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-