General
-
Target
cf89a03d499a9da3518a943bdaaf3f9a.bin
-
Size
442KB
-
Sample
231105-dm23lscb52
-
MD5
549fc6e30c8196c835566875e88099e9
-
SHA1
ee2e914f73b78ccb7f5b7618826be3e6c903342d
-
SHA256
ee17941713be610733db7fe7fe5fae7bf2bcc3cc5dc5b9bba593c6d624dd631e
-
SHA512
08cc94f88ea30a7bb3b6ae96bf2191bfd3ddecd9631162e68282da3ee52156601fe66ed5fe51d1649e7bbddb0ea340b469e098b1e06c9360063ec48fdeb45c0e
-
SSDEEP
12288:m4AeEHXZyC0XF28yzXomWiDoL3GMGJwSadrXww9e:Z7EHXwYbXlsGNJdadrXG
Static task
static1
Behavioral task
behavioral1
Sample
8c366bddcc19d07924b953259274f43f30c9a70f726c70420f8a01e07a209734.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
8c366bddcc19d07924b953259274f43f30c9a70f726c70420f8a01e07a209734.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
resultsurex.com - Port:
587 - Username:
[email protected] - Password:
d()&nzU1tC3+
Protocol: ftp- Host:
ftp://ftp.resultsurex.com/ - Port:
21 - Username:
[email protected] - Password:
[XH~0fB9c]@*
https://api.telegram.org/bot6783929306:AAFJU35OkwjDMHKdR2FUDQELnw67_grsAts/sendMessage?chat_id=5986156290
Targets
-
-
Target
8c366bddcc19d07924b953259274f43f30c9a70f726c70420f8a01e07a209734.exe
-
Size
1.1MB
-
MD5
cf89a03d499a9da3518a943bdaaf3f9a
-
SHA1
f6e1db56f0a6a88a787920a56acbb2406b5fca2b
-
SHA256
8c366bddcc19d07924b953259274f43f30c9a70f726c70420f8a01e07a209734
-
SHA512
4c61ab6c7014a868a7f1568074c018e469a2a4af6428a7e40cb4370d07b7c083a4b710d0c5b2c6c7c8ac5224e8301705643b599c3159f521dd97540df61f84f4
-
SSDEEP
24576:UfjHsVx69As4hkB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5dwL:CjHZ9AsQpAuserKvpAuJMi+sPV3GykDM
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-