General
-
Target
c222db0cd92214a58ae7eac53222c51b.exe
-
Size
563KB
-
Sample
231025-tx31nacf8t
-
MD5
c222db0cd92214a58ae7eac53222c51b
-
SHA1
3ce9bcf3c2e70b06bf2b4413487bf547f64e27ec
-
SHA256
eceb2e522f263fea7d5508f234654be5f08058200f3dd4cab31562578630334f
-
SHA512
f6287794961f47a0b1601caf087a313bfcfb4a3030f99712646aacb61aa464cd47a4d6535e247e99cd95678f00c4ac5984860697abb6cff33584a99fa49a1d8b
-
SSDEEP
12288:wOgR/mZRM+kZKaGCP28j/Y43BR4OTPxfHr0QPP0OJbarpr9ju:wOgkZR5kjGCP28jfRBt0Q3dJbap6
Static task
static1
Behavioral task
behavioral1
Sample
c222db0cd92214a58ae7eac53222c51b.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
c222db0cd92214a58ae7eac53222c51b.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.gulfparksuites.com - Port:
587 - Username:
[email protected] - Password:
Dammam2020
Targets
-
-
Target
c222db0cd92214a58ae7eac53222c51b.exe
-
Size
563KB
-
MD5
c222db0cd92214a58ae7eac53222c51b
-
SHA1
3ce9bcf3c2e70b06bf2b4413487bf547f64e27ec
-
SHA256
eceb2e522f263fea7d5508f234654be5f08058200f3dd4cab31562578630334f
-
SHA512
f6287794961f47a0b1601caf087a313bfcfb4a3030f99712646aacb61aa464cd47a4d6535e247e99cd95678f00c4ac5984860697abb6cff33584a99fa49a1d8b
-
SSDEEP
12288:wOgR/mZRM+kZKaGCP28j/Y43BR4OTPxfHr0QPP0OJbarpr9ju:wOgkZR5kjGCP28jfRBt0Q3dJbap6
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-