General
-
Target
file.exe
-
Size
367KB
-
Sample
231030-ggamysbc3t
-
MD5
4fd9426e87355c0c15b1d2214720a273
-
SHA1
e885e94d35df088ace24031f9e6822ac81c5506d
-
SHA256
b3c45a636fbb907b7a96dc9bb2986f698ca375524c61507a5fe414a940f72b16
-
SHA512
a25f7a9a5c8afc221a8f9151c2cf3ff2c500cd8d78f000dba47562a4e19d0d421ebc33dd1e50fde553325c6ca47849ee4c4905c389ba1fa9a1c7e9bd70ab346f
-
SSDEEP
6144:IKOazRkw8kJbjgehnX3Zosnp5eZf5TB/5a2pzenmeYOtYYE2Odtyqd72fgQQD:IKOazV8ojgehX3Zwf5TB/5aozenmZlYw
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20231025-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.comxdesign.com - Port:
587 - Username:
[email protected] - Password:
Allcare01!
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.comxdesign.com - Port:
587 - Username:
[email protected] - Password:
Allcare01! - Email To:
[email protected]
Targets
-
-
Target
file.exe
-
Size
367KB
-
MD5
4fd9426e87355c0c15b1d2214720a273
-
SHA1
e885e94d35df088ace24031f9e6822ac81c5506d
-
SHA256
b3c45a636fbb907b7a96dc9bb2986f698ca375524c61507a5fe414a940f72b16
-
SHA512
a25f7a9a5c8afc221a8f9151c2cf3ff2c500cd8d78f000dba47562a4e19d0d421ebc33dd1e50fde553325c6ca47849ee4c4905c389ba1fa9a1c7e9bd70ab346f
-
SSDEEP
6144:IKOazRkw8kJbjgehnX3Zosnp5eZf5TB/5a2pzenmeYOtYYE2Odtyqd72fgQQD:IKOazV8ojgehX3Zwf5TB/5aozenmZlYw
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-