General
Target: Img-scan161023.lnk
Size: 189KB
Sample: 231018-tmyceshd69
MD5: 004667e1a9cb1ee8de89d34330a3d6df
SHA1: 43563c2cc91b1070c064a7668e27dd9498a8954c
SHA256: dc79a6058912f81a0b7f112dc83902fc482c9d7be12450c6911028ebd66a1bce
SHA512: b027cd6a63614c1bd76fb5a68cc2e0469016b080836df8b251b6b45fae5bb7e7a8834bb70b5f1dca29539981c51f924684aa25b26be57803eb26a74be0e78f62
SSDEEP: 3072:mPSEKR8itPqPiGjuyLAfOjRBM/JgQMHMJJActNlXrX:mP/KR8SZggG/SJgdOJ/Nh
Static task: static1
Behavioral task: behavioral1 (Img-scan161023.lnk on win7-20230831-en)
Behavioral task: behavioral2 (Img-scan161023.lnk on win10v2004-20230915-en)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.avtorska.com.mk
Port: 587
Username: [email protected]
Password: avtorska2014@
Email To: [email protected]
This is the exfiltration channel: the keylogger submits stolen data by authenticated SMTP (port 587, the submission port) from the embedded account to the Email To address. Treat the host, port and username as network indicators; the password is listed only because the sample embeds it, and it is not something to authenticate with.
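The extracted configuration is printed in a run-together "Key: value - Key:" layout that wraps mid-field, which is awkward to consume by hand. The script below is an added example (not part of the sandbox report or the Snake Keylogger sample) that parses that layout into a dictionary and derives Suricata rules for the exfiltration channel. The report text is embedded as constructed input; the "[email protected]" placeholders are kept exactly as the page prints them. SIDs are placeholders, and the TLS SNI rule assumes Suricata follows the STARTTLS upgrade on the SMTP submission port.

```python
import re

# The configuration block exactly as the report prints it (constructed from the
# lines above; "[email protected]" is an extraction placeholder and is kept as-is).
RAW_CONFIG = """Protocol: smtp- Host:
mail.avtorska.com.mk - Port:
587 - Username:
[email protected] - Password:
avtorska2014@ - Email To:
[email protected]"""

# Fields are run together with " - " separators and wrapped mid-field, so the
# split must be on a hyphen that is followed by a "Key:" token, not on newlines.
# A value containing " - Word:" would be mis-split; nothing in this format does.
_FIELD_SPLIT = re.compile(r"\s*-\s*(?=[A-Za-z][A-Za-z ]*:)")


def parse_config(raw: str) -> dict:
    """Return the extracted config as {key: value} with snake_case keys."""
    flat = " ".join(line.strip() for line in raw.splitlines())
    fields = {}
    for chunk in _FIELD_SPLIT.split(flat):
        key, sep, value = chunk.partition(":")
        if sep and key.strip():
            fields[key.strip().lower().replace(" ", "_")] = value.strip()
    return fields


def suricata_rules(cfg: dict, base_sid: int = 9000001) -> list:
    """Network detections for the exfiltration channel. Port 587 is STARTTLS, so
    the message body and the AUTH exchange are encrypted; the DNS lookup of the
    mail host and the TLS SNI after the upgrade are the observable hooks (the SNI
    rule assumes Suricata's STARTTLS handling for SMTP). SIDs are placeholders."""
    host = cfg["host"]
    port = cfg["port"]
    return [
        f'alert dns $HOME_NET any -> any any (msg:"Snake Keylogger exfil host lookup {host}"; '
        f'dns.query; content:"{host}"; nocase; sid:{base_sid}; rev:1;)',
        f'alert tcp $HOME_NET any -> $EXTERNAL_NET {port} (msg:"Snake Keylogger SMTP exfil to {host}"; '
        f'flow:to_server,established; tls.sni; content:"{host}"; nocase; sid:{base_sid + 1}; rev:1;)',
    ]


if __name__ == "__main__":
    config = parse_config(RAW_CONFIG)
    for key, value in config.items():
        print(f"{key:10} {value}")
    print("\n".join(suricata_rules(config)))
```

The DNS rule is the more reliable of the two: the resolver query for the mail host is visible regardless of how the SMTP session is encrypted, whereas the SNI match depends on the sensor reassembling the STARTTLS upgrade.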
Targets
Target: Img-scan161023.lnk (189KB; hashes as listed under General)
Score: 10/10
Signatures:
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles: reads the registry profile data where Outlook stores account settings and saved credentials, consistent with the family's credential theft.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
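The delivery vehicle here is a 189 KB shortcut, while a genuine .lnk is normally a few hundred bytes to a few KB; the extra bulk in files like this almost always sits after the Shell Link structures as an appended payload, and the shortcut's own command line and window mode tell the rest of the story. The parser below is an added example (not the sandbox's code and not derived from the actual content of Img-scan161023.lnk, which the report does not show) that walks the MS-SHLLINK layout to find the overlay and applies the checks an analyst would run on such a file. The sample shortcut it builds is constructed for the demo, including its command line, and the 4096-byte "benign size" threshold is an assumed rule of thumb.

```python
import struct
import uuid

# Constants from MS-SHLLINK 2.1 (Shell Link Binary File Format).
HEADER_SIZE = 0x4C
SHELL_LINK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
IS_UNICODE = 0x80
# StringData fields, in the order they appear when their LinkFlags bit is set.
STRING_FIELDS = (("name", 0x04), ("relative_path", 0x08), ("working_dir", 0x10),
                 ("arguments", 0x20), ("icon_location", 0x40))
SW_SHOWMINNOACTIVE = 7


def parse_lnk(data: bytes) -> dict:
    """Walk header, IDList, LinkInfo, StringData and ExtraData; whatever remains
    after the terminal block is the overlay, which a real shortcut never has."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a Shell Link: bad HeaderSize")
    if uuid.UUID(bytes_le=data[4:20]) != SHELL_LINK_CLSID:
        raise ValueError("not a Shell Link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]      # IDListSize + IDList
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]          # LinkInfoSize counts itself
    strings = {}
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for name, bit in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            strings[name] = raw.decode(codec, "replace")
            pos += 2 + len(raw)
    while pos + 4 <= len(data):                                # ExtraData blocks
        size = struct.unpack_from("<I", data, pos)[0]
        pos += 4
        if size < 4:                                           # TerminalBlock
            break
        pos += size - 4
    return {"flags": flags, "show_command": show_command, "strings": strings,
            "overlay": data[pos:]}


def triage(data: bytes, max_benign_size: int = 4096) -> dict:
    """Apply the checks an analyst makes on a suspicious .lnk and list the hits."""
    info = parse_lnk(data)
    hits = []
    if len(data) > max_benign_size:
        hits.append(f"{len(data)} bytes: shortcuts rarely exceed {max_benign_size}")
    if info["overlay"]:
        hits.append(f"{len(info['overlay'])} bytes after the terminal block (appended payload?)")
    args = info["strings"].get("arguments", "").lower()
    if any(tok in args for tok in ("powershell", "cmd", "wscript", "cscript", "mshta", "rundll32")):
        hits.append("arguments launch a script host or LOLBin")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        hits.append("ShowCommand=SW_SHOWMINNOACTIVE (window kept out of the user's view)")
    info["overlay_size"] = len(info["overlay"])
    info["findings"] = hits
    return info


def build_sample_lnk(arguments: str, overlay: bytes,
                     show_command: int = SW_SHOWMINNOACTIVE) -> bytes:
    """Build a minimal well-formed .lnk for the demo. This is a constructed
    stand-in, not the content of Img-scan161023.lnk."""
    flags = 0x08 | 0x20 | IS_UNICODE                           # RelativePath + Arguments, UTF-16
    header = struct.pack("<I", HEADER_SIZE) + SHELL_LINK_CLSID.bytes_le
    # LinkFlags, FileAttributes, 3 FILETIMEs, FileSize, IconIndex, ShowCommand,
    # HotKey, Reserved1..3 (zeros where the value does not matter for parsing)
    header += struct.pack("<IIQQQIiIHHII", flags, 0, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)

    def string_data(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    body = string_data(r"..\..\Windows\System32\cmd.exe") + string_data(arguments)
    return header + body + struct.pack("<I", 0) + overlay       # terminal block, then overlay


# Constructed sample: cmd.exe hands off to a hidden PowerShell, and an "MZ" blob rides behind the shortcut.
SAMPLE_LNK = build_sample_lnk('/c powershell -w hidden -ep bypass -File "%TEMP%\\stage.ps1"',
                              b"MZ" + bytes(6000))

if __name__ == "__main__":
    result = triage(SAMPLE_LNK)
    print(result["strings"])
    for hit in result["findings"]:
        print("-", hit)
```

Run against a real sample, the overlay bytes are what you carve out and hash separately; the dropped EXE and DLL that the behavioral signatures report are the usual contents of that region.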