General
-
Target
NEAS.2e070bf82e1dc22ca1b3612faaaed7688cf8041b14cb1be60b953e25d7ef1919exe_JC.exe
-
Size
949KB
-
Sample
231024-ydpfdahc5w
-
MD5
4cbadf2f02b55b681ad8179318125627
-
SHA1
b7fcd5e0ec5b5ca2138c5243e0a2b96cbb3ce343
-
SHA256
2e070bf82e1dc22ca1b3612faaaed7688cf8041b14cb1be60b953e25d7ef1919
-
SHA512
358a258502f15ce71c1a8931a1b31da3b40ac899bde0314cfcf0104c79919e489b4eee07aad4ef6def334b7c889c3430cae68d5d4804ea6e248c6c726d02cad1
-
SSDEEP
12288:9yQaMFM0Mvxv9QtXV74LFpMQJfmJFGH/dqsBCSsoik88FXNnp:9yjv9e9SF7lmsFqHoikJXN
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.2e070bf82e1dc22ca1b3612faaaed7688cf8041b14cb1be60b953e25d7ef1919exe_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.2e070bf82e1dc22ca1b3612faaaed7688cf8041b14cb1be60b953e25d7ef1919exe_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.worlorderbillions.top - Port:
587 - Username:
[email protected] - Password:
7f*ybyLDVD[J
Targets
-
-
Target
NEAS.2e070bf82e1dc22ca1b3612faaaed7688cf8041b14cb1be60b953e25d7ef1919exe_JC.exe
-
Size
949KB
-
MD5
4cbadf2f02b55b681ad8179318125627
-
SHA1
b7fcd5e0ec5b5ca2138c5243e0a2b96cbb3ce343
-
SHA256
2e070bf82e1dc22ca1b3612faaaed7688cf8041b14cb1be60b953e25d7ef1919
-
SHA512
358a258502f15ce71c1a8931a1b31da3b40ac899bde0314cfcf0104c79919e489b4eee07aad4ef6def334b7c889c3430cae68d5d4804ea6e248c6c726d02cad1
-
SSDEEP
12288:9yQaMFM0Mvxv9QtXV74LFpMQJfmJFGH/dqsBCSsoik88FXNnp:9yjv9e9SF7lmsFqHoikJXN
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-