General
-
Target
swift.txt.exe
-
Size
514KB
-
Sample
231022-h683gsfg72
-
MD5
69f82fb1bb5bf5002ceb3681cf885cd2
-
SHA1
ea249abb8d980d184ae50b0bcb9729ba43966aae
-
SHA256
296b6f53d75d7cf11a83e21fc2c618897adcc24314a3a5587afe422b1cb6f758
-
SHA512
50153ddb2d401b99255339cc0729027a05f7f961738538a48e7b2600883b8cdccfbc1edc20895ee9523197d72962ff138c2718848097f0c9e1ba6aaf3e046334
-
SSDEEP
6144:Cq/YUzsjq8wJtwihAFb8E5F6TvhzvMChl2c5EthpiD3ViXA5StXN9J1ryPmBcKOZ:L/jRwyc5Fevhzvl9OWmXtd/1r7IWR+
Static task
static1
Behavioral task
behavioral1
Sample
swift.txt.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
swift.txt.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.megakarsa.com
Port: 587
Username: [email protected]
Password: f1n4nc3m3g4k4Rs4
Email To: [email protected]
Targets
-
Target
swift.txt.exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-