General
- Target: NEAS.NEASNEAScd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039dexeexeexe_JC.exe
- Size: 530KB
- Sample: 231018-xgz6lsbb85
- MD5: 2646f36c014d4f64fc466dd76f4b5c6e
- SHA1: 82b128585b00bd33e916c5d3b2461ad8096ae3cb
- SHA256: cd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039d
- SHA512: 92b65f090b6196ae5e607303c6de4fed10804c7974830e58a92461d064c25dcdb6a91ffa8941b651cf33420cace98b35868326d3120973be7c9afbee7e11388c
- SSDEEP: 12288:kBLXmsrJM12jMvEJQpCztZsu/K1YfiL8Q+WtyMpq0N:kLWiMcjMMwCztZy1YfTQ5N
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.NEASNEAScd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039dexeexeexe_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.NEASNEAScd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039dexeexeexe_JC.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
- Protocol: smtp
- Host: mail.polyfabonline.com
- Port: 587
- Username: [email protected]
- Password: 0zswhWSLWT_C
- Email To: [email protected]
Targets
- Target: NEAS.NEASNEAScd35f2049e2d52ad861549173a06f04df54a67ab7b7411ef5af51320de45039dexeexeexe_JC.exe
- Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext