General
-
Target
RFQ 261023.exe
-
Size
349KB
-
Sample
231106-vb858ace4z
-
MD5
c77ed66a06eaa6254d70a50e91fe68f6
-
SHA1
4523ac24ed151f6cd5cfceba37ad725e1a8afc0f
-
SHA256
25540f55ae5a200dd9635f60a3b62458b6d95386d0d92eab2282facc6f51084e
-
SHA512
d22fbea9fe6baa38ca6e3bd6d9324f70e9bf035a456a65751079b55968cc18920f3dbff69de97384ef2e27f27c54ea8597456f6176d035b8c220c672a992590b
-
SSDEEP
6144:tMVvcrQJL4IYYfnnZYJo57RuoGBfu9w9RzixhDeICv1M/Y8Q5AVSiwMpr5WR5oL1:2VE6VYYfIwRu7ICv1M/Y8Q5AVSiwcr5L
Static task
static1
Behavioral task
behavioral1
Sample
RFQ 261023.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
RFQ 261023.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alualuminium.com.my - Port:
587 - Username:
[email protected] - Password:
U8G4S13#8Zk$ - Email To:
[email protected]
Targets
-
-
Target
RFQ 261023.exe
-
Size
349KB
-
MD5
c77ed66a06eaa6254d70a50e91fe68f6
-
SHA1
4523ac24ed151f6cd5cfceba37ad725e1a8afc0f
-
SHA256
25540f55ae5a200dd9635f60a3b62458b6d95386d0d92eab2282facc6f51084e
-
SHA512
d22fbea9fe6baa38ca6e3bd6d9324f70e9bf035a456a65751079b55968cc18920f3dbff69de97384ef2e27f27c54ea8597456f6176d035b8c220c672a992590b
-
SSDEEP
6144:tMVvcrQJL4IYYfnnZYJo57RuoGBfu9w9RzixhDeICv1M/Y8Q5AVSiwMpr5WR5oL1:2VE6VYYfIwRu7ICv1M/Y8Q5AVSiwcr5L
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-