General
-
Target
P.I 30960 21-7.tar
-
Size
561KB
-
Sample
231023-rlq6lshb6z
-
MD5
f19f140a8c29a4b9ed2def37c69525e4
-
SHA1
cf1947039c82b02ff8e0b076c635ff6970df47c9
-
SHA256
f32902b2c20ae7f77d87e7de4699b3900be25970364cf474861892367f6fc120
-
SHA512
a689fcf1fe52987fbc7a9377cde9215f554fe7bdd0ff6f1fb62ccd284b1cc8dba72585a4b332e71d30c4eeee6e5c053c4106e7ab90fa33b9429c27684007c03a
-
SSDEEP
12288:OhNh6sxTA6qNhjA0FAqyWXF+Pj01Vx7aIVq+ixOtSfoVQ2u7:ODDxs6gtAuAek01VBVqLxOtS
Static task
static1
Behavioral task
behavioral1
Sample
P.I 30960 21-7.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
P.I 30960 21-7.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.saltapetrol.com.ar - Port:
587 - Username:
[email protected] - Password:
Lmolina*2881
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.saltapetrol.com.ar - Port:
587 - Username:
[email protected] - Password:
Lmolina*2881
Targets
-
-
Target
P.I 30960 21-7.exe
-
Size
560KB
-
MD5
c67b7f7552e1b08f43856b96d23276cb
-
SHA1
ebd5998132c184fc930c764d6fc4a0477a4587b3
-
SHA256
a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4
-
SHA512
5a3c9b181e2c0fe2ae45ad63493166f36afa9303ab4db7fb647d1519566dddf0560107bfbb1b4cab1101fb3d9b5fcce620852ef48ecc54f4bbd873578cfd7fa0
-
SSDEEP
12288:JhNh6sxTA6qNhjA0FAqyWXF+Pj01Vx7aIVq+ixOtSfoVQ2u7:JDDxs6gtAuAek01VBVqLxOtS
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-