General
Target: swift.txt.exe
Size: 529KB
Sample: 231022-h55nnsea4z
MD5: cd5b6351f000e4622479883aca0fe314
SHA1: bc95de037e2ecfff50010a996646dd001aa7f7f3
SHA256: f4f50ce7cc274f69b17412721fab0ec1cde465a47570e7dad8fd84749feb5478
SHA512: 9e571d5fcce5a7a9c36333c7c513d7d4f48705633dae765d626b7501bae18d469b72fc6052df6ecf127ee6d9f0150b1701f60b558392a42fc0cee2465521b48e
SSDEEP: 12288:j8zS55mFzNgA4e4vS5im+ykiY/+fnUDtK/SsytobQB:jf55qRgA4v8f3fUD86tobQ
Static task: static1
Behavioral task: behavioral1
Sample: swift.txt.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: swift.txt.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.megakarsa.com
Port: 587
Username: [email protected]
Password: f1n4nc3m3g4k4Rs4
Email To: [email protected]
Targets
Target: swift.txt.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext