General
Target: SecuriteInfo.com.Trojan.KeyloggerNET.54.10231.6973.exe
Size: 367KB
Sample: 231030-qjx1psda9y
MD5: d414eca1e374dac20dff6822d0793f84
SHA1: 5f16530c1115f0422d152abc96974d04695a66f8
SHA256: 84dd2a034d3c9d53d216198cb05f2d5fc65ad7dac487915196eda622a997bb05
SHA512: 359d29279028a741f45ef760e6e7b191de73d35739926368da1f1f683f55a7e4c3ca3b76ff23042a1b2378227d2b8a88936baf95c4f81077cf351b5d76fa684d
SSDEEP: 6144:I5OazRkvfvYVx96Aq9BTEWVCueYOtYYE2Odtyqd72fgQQD:I5OazyHYVx9k9+uZlYrOiqoc
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.KeyloggerNET.54.10231.6973.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.KeyloggerNET.54.10231.6973.exe
  Resource: win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.comxdesign.com
Port: 587
Username: [email protected]
Password: Allcare01!
Email To: [email protected]
Targets
Target: SecuriteInfo.com.Trojan.KeyloggerNET.54.10231.6973.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext