General
-
Target
NEAS.b88bee1afe7b8d9a9eb11c6293e552e0c4e91eef2bc3fe8984d65216f566a59cexe_JC.exe
-
Size
421KB
-
Sample
231026-ya98nsgf44
-
MD5
e2de701be7d14bfd5b55b58a992313d5
-
SHA1
ccd64813a765cc3a6604c5981d6921461bbe8386
-
SHA256
b88bee1afe7b8d9a9eb11c6293e552e0c4e91eef2bc3fe8984d65216f566a59c
-
SHA512
0613bf19c4c8af13e2c0c08020f64c62f89eb000ed4eec3040dd58b24ad2cdef942e36ec3b602835120350b2c3c79d02178bdd38dfd22f555ed90c563e4ec2f0
-
SSDEEP
12288:4uYF8hfn63OTIZEp2FjiOnKHMQhqL35bgaG:4uXfn6BBFjiOnKHMQhqLLG
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.b88bee1afe7b8d9a9eb11c6293e552e0c4e91eef2bc3fe8984d65216f566a59cexe_JC.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.b88bee1afe7b8d9a9eb11c6293e552e0c4e91eef2bc3fe8984d65216f566a59cexe_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alualuminium.com.my - Port:
587 - Username:
[email protected] - Password:
U8G4S13#8Zk$ - Email To:
[email protected]
Targets
-
-
Target
NEAS.b88bee1afe7b8d9a9eb11c6293e552e0c4e91eef2bc3fe8984d65216f566a59cexe_JC.exe
-
Size
421KB
-
MD5
e2de701be7d14bfd5b55b58a992313d5
-
SHA1
ccd64813a765cc3a6604c5981d6921461bbe8386
-
SHA256
b88bee1afe7b8d9a9eb11c6293e552e0c4e91eef2bc3fe8984d65216f566a59c
-
SHA512
0613bf19c4c8af13e2c0c08020f64c62f89eb000ed4eec3040dd58b24ad2cdef942e36ec3b602835120350b2c3c79d02178bdd38dfd22f555ed90c563e4ec2f0
-
SSDEEP
12288:4uYF8hfn63OTIZEp2FjiOnKHMQhqL35bgaG:4uXfn6BBFjiOnKHMQhqLLG
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-