General
-
Target
NEAS.NEAS389239f46bd53422731e040d5f15b2d4ca9c2673e4292eec2632ba0ae1519e79exeexe_JC.exe
-
Size
580KB
-
Sample
231021-wth77agd9v
-
MD5
530aa0fb37f65a523b7de5902ab026dc
-
SHA1
b9c259eabb77d1b799fab9a89be5ff8ae983c9c9
-
SHA256
389239f46bd53422731e040d5f15b2d4ca9c2673e4292eec2632ba0ae1519e79
-
SHA512
4ba15977779d07244c832e0bdd6d8a4b00ee333569dd3611a67719c54f75a90069dba16817944428a609c9a3212f247df79437faf23872cbff233382b9cf2db0
-
SSDEEP
12288:WgR/mZRM+kLiSSHnTUUMkQIX3smOn3Xx6XKRGV6JJdqsQxwt:WgkZR5k0HQvkJng3HJ2
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.NEAS389239f46bd53422731e040d5f15b2d4ca9c2673e4292eec2632ba0ae1519e79exeexe_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.NEAS389239f46bd53422731e040d5f15b2d4ca9c2673e4292eec2632ba0ae1519e79exeexe_JC.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.artifix.com.tr - Port:
587 - Username:
[email protected] - Password:
artifix.com.tr
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.artifix.com.tr - Port:
587 - Username:
[email protected] - Password:
artifix.com.tr
Targets
-
-
Target
NEAS.NEAS389239f46bd53422731e040d5f15b2d4ca9c2673e4292eec2632ba0ae1519e79exeexe_JC.exe
-
Size
580KB
-
MD5
530aa0fb37f65a523b7de5902ab026dc
-
SHA1
b9c259eabb77d1b799fab9a89be5ff8ae983c9c9
-
SHA256
389239f46bd53422731e040d5f15b2d4ca9c2673e4292eec2632ba0ae1519e79
-
SHA512
4ba15977779d07244c832e0bdd6d8a4b00ee333569dd3611a67719c54f75a90069dba16817944428a609c9a3212f247df79437faf23872cbff233382b9cf2db0
-
SSDEEP
12288:WgR/mZRM+kLiSSHnTUUMkQIX3smOn3Xx6XKRGV6JJdqsQxwt:WgkZR5k0HQvkJng3HJ2
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-