General
Target: NEAS.cdac9bc5fd2a4de255e4256bdc0a4f5a2869c6849f71c3904c25b71e6dfac52dexe_JC.exe
Size: 560KB
Sample: 231024-ztgadahf99
MD5: 7ec6ec001094450070a36a8a0ff1693d
SHA1: 3886efa46208974cf4f84f28fe365c16fdb4edf7
SHA256: cdac9bc5fd2a4de255e4256bdc0a4f5a2869c6849f71c3904c25b71e6dfac52d
SHA512: 73ae7eba7e46e8dea6cf5fafe7743dbe6bb9e2cbb758e4fa97657ede20a0fa0071c44a8bd8efb61e49cd9e1c68afac3c0feb79d7d364c49ebce56afd3536b7c5
SSDEEP: 12288:BhNh6sxTA6qNhnRUfPhb18/UEXdJ0/48ECRre5Hx5:BDDxs6gFRw1l0f/YreZx5
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.cdac9bc5fd2a4de255e4256bdc0a4f5a2869c6849f71c3904c25b71e6dfac52dexe_JC.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.cdac9bc5fd2a4de255e4256bdc0a4f5a2869c6849f71c3904c25b71e6dfac52dexe_JC.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Protocol: smtp
Host: mail.defalife.com.tr
Port: 587
Username: [email protected]
Password: Defalife124578
Extracted
snakekeylogger
Targets
Target: NEAS.cdac9bc5fd2a4de255e4256bdc0a4f5a2869c6849f71c3904c25b71e6dfac52dexe_JC.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext