General
-
Target
NEAS.a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4exe_JC.exe
-
Size
560KB
-
Sample
231024-zlb1pahe67
-
MD5
c67b7f7552e1b08f43856b96d23276cb
-
SHA1
ebd5998132c184fc930c764d6fc4a0477a4587b3
-
SHA256
a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4
-
SHA512
5a3c9b181e2c0fe2ae45ad63493166f36afa9303ab4db7fb647d1519566dddf0560107bfbb1b4cab1101fb3d9b5fcce620852ef48ecc54f4bbd873578cfd7fa0
-
SSDEEP
12288:JhNh6sxTA6qNhjA0FAqyWXF+Pj01Vx7aIVq+ixOtSfoVQ2u7:JDDxs6gtAuAek01VBVqLxOtS
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4exe_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4exe_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.saltapetrol.com.ar - Port:
587 - Username:
[email protected] - Password:
Lmolina*2881
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.saltapetrol.com.ar - Port:
587 - Username:
[email protected] - Password:
Lmolina*2881
Targets
-
-
Target
NEAS.a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4exe_JC.exe
-
Size
560KB
-
MD5
c67b7f7552e1b08f43856b96d23276cb
-
SHA1
ebd5998132c184fc930c764d6fc4a0477a4587b3
-
SHA256
a65172838dff0b366ecc526b58f59689d1d86110dc2b949443a63ac8cd8008c4
-
SHA512
5a3c9b181e2c0fe2ae45ad63493166f36afa9303ab4db7fb647d1519566dddf0560107bfbb1b4cab1101fb3d9b5fcce620852ef48ecc54f4bbd873578cfd7fa0
-
SSDEEP
12288:JhNh6sxTA6qNhjA0FAqyWXF+Pj01Vx7aIVq+ixOtSfoVQ2u7:JDDxs6gtAuAek01VBVqLxOtS
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-