General
Target: 2112511c1c89e31166b8f78a48124baf61c198b62a95ed3a2a73a01f4fe4d4d1
Size: 282KB
Sample: 231018-cc71faca22
MD5: 4beebc87c25e85df60f72b637069bcd5
SHA1: c034af82eb5daeeb2710cc3d5e7db500c619003d
SHA256: 2112511c1c89e31166b8f78a48124baf61c198b62a95ed3a2a73a01f4fe4d4d1
SHA512: 061deaa4c642fb1aaa761528e952b07be23a9c9865053381567195f1cd6bffc30b0eeb9624ccb6a25a3ac363cb8d22708d2ec742c82c81dc9a899062fa768109
SSDEEP: 6144:KA7mjL4OhBWYjj2/tTXwY6VsN5jJu0UT8QdnXMOhHtuOKtRyrt:KA7mYOhIYjypAY6VsTjJz4jtMOhHIhgx
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Confirmation.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: Payment Confirmation.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted (two identical extractions)
Family: snakekeylogger
Protocol: smtp
Host: mail.cbrlandscapers.com.au
Port: 587
Username: [email protected]
Password: Enter@247
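The extracted SMTP configuration is the sample's exfiltration channel: the credentials are hardcoded, so every infected host authenticates to the same mailbox on mail.cbrlandscapers.com.au over submission port 587. The Python below is an added example, not part of the sandbox report or of any vendor tooling. It parses the config exactly as the report flattens it (the username is redacted in the report and is reproduced that way), emits a Suricata rule that fires on resolution of the exfil host (the sid value is an arbitrary assumption), and correlates constructed connection records so that port 587 traffic is only flagged when the same source looked up that host shortly before. Do not use the credentials to log in to the mailbox; whether it is attacker-registered or a compromised legitimate account cannot be determined from this report.

```python
"""Turn the Snake Keylogger SMTP config above into hunting logic.

Added example, not part of the sandbox report. CONFIG_TEXT is the config as
the report prints it (username redacted there as well); the connection
records further down are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

CONFIG_TEXT = (
    "Protocol: smtp - Host: mail.cbrlandscapers.com.au - Port: 587"
    " - Username: [email protected] - Password: Enter@247"
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the flattened 'Key: value - Key: value' layout.

    The split happens only at a '-' that is followed by another 'Key:', so
    hyphens inside hostnames or passwords do not break the value, and the
    'smtp- Host:' spacing seen on the page is accepted as well.
    """
    fields: Dict[str, str] = {}
    for chunk in re.split(r"\s*-\s+(?=[A-Za-z]+:)", text):
        key, _, value = chunk.partition(":")
        fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def suricata_dns_rule(cfg: SmtpExfilConfig, sid: int) -> str:
    """Alert on resolution of the exfil host.

    The DNS lookup is the earliest network-visible step and survives a later
    STARTTLS upgrade that hides the SMTP AUTH and the message body. The sid
    is an arbitrary value in the local rule range (assumption of this example).
    """
    return (
        "alert dns any any -> any any ("
        'msg:"Snake Keylogger SMTP exfil host lookup"; dns.query; '
        f'content:"{cfg.host}"; nocase; endswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed connection records (not from the report). ts is epoch seconds;
# query is the DNS name looked up, or None for non-DNS flows. 203.0.113.0/24
# and 198.51.100.0/24 are documentation ranges.
SAMPLE_CONN_LOG = [
    {"ts": 1000, "src": "10.0.0.15", "dst": "10.0.0.53", "dport": 53, "proto": "udp", "query": "MAIL.cbrlandscapers.com.au"},
    {"ts": 1001, "src": "10.0.0.15", "dst": "203.0.113.25", "dport": 587, "proto": "tcp", "query": None},
    {"ts": 1100, "src": "10.0.0.22", "dst": "10.0.0.53", "dport": 53, "proto": "udp", "query": "updates.example.com"},
    {"ts": 1101, "src": "10.0.0.22", "dst": "198.51.100.7", "dport": 587, "proto": "tcp", "query": None},
    {"ts": 1200, "src": "10.0.0.30", "dst": "198.51.100.9", "dport": 587, "proto": "tcp", "query": None},
]


def find_exfil_sources(records, cfg: SmtpExfilConfig, window_s: int = 300) -> List[str]:
    """Return sources that resolved the exfil host and then opened a TCP
    session to the configured port within window_s seconds.

    Port 587 alone is too noisy (every legitimate submission client uses it),
    so the name lookup is required as the anchoring event.
    """
    lookups: Dict[str, List[int]] = {}
    for r in records:
        if r["query"] and r["query"].lower() == cfg.host:
            lookups.setdefault(r["src"], []).append(r["ts"])
    flagged = set()
    for r in records:
        if r["proto"] != "tcp" or r["dport"] != cfg.port:
            continue
        for t in lookups.get(r["src"], []):
            if 0 <= r["ts"] - t <= window_s:
                flagged.add(r["src"])
    return sorted(flagged)


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(suricata_dns_rule(cfg, sid=9000001))
    print("suspected exfil sources:", find_exfil_sources(SAMPLE_CONN_LOG, cfg))
```

Against the constructed records only 10.0.0.15 is flagged: 10.0.0.22 and 10.0.0.30 also talk to port 587 but never resolved the exfil host, which is the distinction that keeps this from paging on ordinary mail clients. The same parsed fields can also feed a mail-gateway or firewall block on the host, which is safer than any action involving the mailbox credentials.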
Targets
Target: Payment Confirmation.exe
Size: 367KB
MD5: 2a1a5cc3ca7f6824e6828bbf62d12941
SHA1: 563001a47df408ffca7d1d9809fd76d39d0ced3e
SHA256: 02d215970fa4a7280c152a5266161bdc4a8167bf384442f0c89039189d47f4cf
SHA512: 979ce4bc6fbade35dbfb55401816ae2149b4ece7d4defaa1fc822d1e426ca7c7016d20e4d1b84654076daf2f7f3025478f9cb80a81267370f34bfe46af0d8089
SSDEEP: 6144:RcfOazRkwtd9wSPqInJVwEjceYOtYYE2Odtyqd72fOsA:WfOazBD9wGDMEjcZlYrOiqoo
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext