General
Target: תשלום בסוויפט 110468 3.11.2023.scr.exe
Size: 1.1MB
Sample: 231103-trxxfsee9z
MD5: cf89a03d499a9da3518a943bdaaf3f9a
SHA1: f6e1db56f0a6a88a787920a56acbb2406b5fca2b
SHA256: 8c366bddcc19d07924b953259274f43f30c9a70f726c70420f8a01e07a209734
SHA512: 4c61ab6c7014a868a7f1568074c018e469a2a4af6428a7e40cb4370d07b7c083a4b710d0c5b2c6c7c8ac5224e8301705643b599c3159f521dd97540df61f84f4
SSDEEP: 24576:UfjHsVx69As4hkB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5dwL:CjHZ9AsQpAuserKvpAuJMi+sPV3GykDM
Static task: static1
Behavioral task: behavioral1
Sample: תשלום בסוויפט 110468 3.11.2023.scr.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: תשלום בסוויפט 110468 3.11.2023.scr.exe
Resource: win10v2004-20231025-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: resultsurex.com
Port: 587
Username: [email protected]
Password: d()&nzU1tC3+
Protocol: ftp
Host: ftp://ftp.resultsurex.com/
Port: 21
Username: [email protected]
Password: [XH~0fB9c]@*
https://api.telegram.org/bot6783929306:AAFJU35OkwjDMHKdR2FUDQELnw67_grsAts/sendMessage?chat_id=5986156290
Targets
Target: תשלום בסוויפט 110468 3.11.2023.scr.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext