General
- Target: a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4.zip
- Size: 509KB
- Sample: 231023-vx9zmsdb42
- MD5: 4ceae2f236ff98c719856bf37460b8a1
- SHA1: 8f18b91fde4b0dfbf026e8f5c7dbd366c77d6a52
- SHA256: 8fb80ea737ad3dde176d64598d304be20ba317f45b1d9dfb4d418d27ea99fa3d
- SHA512: 7a6017d7a756540de93222e2e5f608fc637cf4f8f9b94a6e9ba71eb38ad03d04f3ee9a9753c193379926c0f334476321887722b22d65d2007dc1e7cb69c210b8
- SSDEEP: 12288:NymZ1gP2hK2WG63ePFcrJXDmlPYklfYND5qfypP4cx56qSyJE8ODvo:vZ1eg638CJmlwFyiP4o56qZJEXLo
Static task: static1

Behavioral task: behavioral1
- Sample: a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4.exe
- Resource: win7-20231023-en

Behavioral task: behavioral2
- Sample: a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted (family: snakekeylogger)
- Protocol: smtp
- Host: mail.saltapetrol.com.ar
- Port: 587
- Username: [email protected]
- Password: Lmolina*2881
Targets
- Target: a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4.exe
- Size: 560KB
- MD5: c67b7f7552e1b08f43856b96d23276cb
- SHA1: ebd5998132c184fc930c764d6fc4a0477a4587b3
- SHA256: a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4
- SHA512: 5a3c9b181e2c0fe2ae45ad63493166f36afa9303ab4db7fb647d1519566dddf0560107bfbb1b4cab1101fb3d9b5fcce620852ef48ecc54f4bbd873578cfd7fa0
- SSDEEP: 12288:JhNh6sxTA6qNhjA0FAqyWXF+Pj01Vx7aIVq+ixOtSfoVQ2u7:JDDxs6gtAuAek01VBVqLxOtS
- Score: 10/10

Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext