General
-
Target
NEAS.NEASNEAS48f2f1fbc52e8fcfff7b95c0cbd735975fe1ec8b383361027b8d3f730cc13c42exeexeexe_JC.exe
-
Size
523KB
-
Sample
231013-t64njsbh2w
-
MD5
c924f9fd5c158a713bf9fb27c417db9a
-
SHA1
c2ba795391c96b75544b7b9210a5fafa7def3be0
-
SHA256
48f2f1fbc52e8fcfff7b95c0cbd735975fe1ec8b383361027b8d3f730cc13c42
-
SHA512
91b0fd6dcc971673e6a546a63bf7f22c4e66e5aff9fa0728cb7013d90f7596a30b0e828c3c4f0ca00fb10fc6c822798fe96b7a91ae469de37885182934833b3d
-
SSDEEP
12288:rvohjwfdgVCMtvG22tjNVC3j4b1T8jI1IIyX7bCi:rvo2t2WjNVC3jiTEIy
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.NEASNEAS48f2f1fbc52e8fcfff7b95c0cbd735975fe1ec8b383361027b8d3f730cc13c42exeexeexe_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.NEASNEAS48f2f1fbc52e8fcfff7b95c0cbd735975fe1ec8b383361027b8d3f730cc13c42exeexeexe_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.hostedemail.com - Port:
587 - Username:
[email protected] - Password:
A@thirst@ACC - Email To:
[email protected]
Targets
-
-
Target
NEAS.NEASNEAS48f2f1fbc52e8fcfff7b95c0cbd735975fe1ec8b383361027b8d3f730cc13c42exeexeexe_JC.exe
-
Size
523KB
-
MD5
c924f9fd5c158a713bf9fb27c417db9a
-
SHA1
c2ba795391c96b75544b7b9210a5fafa7def3be0
-
SHA256
48f2f1fbc52e8fcfff7b95c0cbd735975fe1ec8b383361027b8d3f730cc13c42
-
SHA512
91b0fd6dcc971673e6a546a63bf7f22c4e66e5aff9fa0728cb7013d90f7596a30b0e828c3c4f0ca00fb10fc6c822798fe96b7a91ae469de37885182934833b3d
-
SSDEEP
12288:rvohjwfdgVCMtvG22tjNVC3j4b1T8jI1IIyX7bCi:rvo2t2WjNVC3jiTEIy
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-