General
-
Target
bebc0029d94116ae2f1d7ae6ce0f91376a188a90e0da62cc53030c831cfc0d45
-
Size
279KB
-
Sample
231027-lq894ade5v
-
MD5
f634c1f4e55329dbed158a66e007e3ab
-
SHA1
2444c0ac1b2628410cc7795a2454386c2bcb36b5
-
SHA256
bebc0029d94116ae2f1d7ae6ce0f91376a188a90e0da62cc53030c831cfc0d45
-
SHA512
7c51e804ea1a515c8d0854fc99da514756831ba38527d549c919f216881f615e56a56f35358d291ad59252c258fc9b135090c9d36425a68c34898713943ec706
-
SSDEEP
6144:I/gFXB5GkmEcLHpytKZjTraAW4mT0gF33rn3GJRVnHxOYJKEfU:I/Ybyp2KvWemwgxLInROwRc
Static task
static1
Behavioral task
behavioral1
Sample
URGENT RFQ! RFP82810.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
URGENT RFQ! RFP82810.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alsarisi.com - Port:
587 - Username:
[email protected] - Password:
May$2009 - Email To:
[email protected]
Targets
-
-
Target
URGENT RFQ! RFP82810.exe
-
Size
329KB
-
MD5
42df97789a51cb7ba473e6f447e83989
-
SHA1
400e3f2bc880dd690e4dcbfd8024995e83347d9d
-
SHA256
73dc704c3a82e161c621cdbd9164c9ee86ccb8b7fa0dcfc8f03ce40335c8604e
-
SHA512
0b3b26bb8d131fc506d9e3be57b1ef7d9c51f46a7dc9529bc4657a90767e09997e5675c91a2e83772ab4602b2c923d840ff5c708a831c24cf38b570eec6c023d
-
SSDEEP
6144:/CKQBMNitGsC/UJiQ2+423iCn3XgIqFsPe35bgaGPEQD:/fQ67sCYiX23PXbqL35bgaGf
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-