General
-
Target
nCIMB-Transfer_Advice-202310301849809.z
-
Size
279KB
-
Sample
231107-1fnyqsha3t
-
MD5
012c4ae4763d43173a489103d44e4133
-
SHA1
ce8674d98d95ea6b9557f034895c71fe99030db2
-
SHA256
9171f5713f2e4653d1da40e8b8d3946208baf056a601106cfb054e71a0f21f3a
-
SHA512
85ee7b9198a63f8051b293908453eaab23de32a44237b8ec597d2cffecedcc1889db530c162de4d7600d6ffc55bd7e090c3d3ad22820d9a1b89d775521a1cc18
-
SSDEEP
6144:KTde146Y9u5jIV7iVcFyQTXZvkdtnUztSAe2XOIJN/vKUanWEsvZU0:+A14HveVonLedUtUe3hH
Static task
static1
Behavioral task
behavioral1
Sample
CIMB-Transfer_Advice-202310301849809.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
CIMB-Transfer_Advice-202310301849809.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alualuminium.com.my - Port:
587 - Username:
[email protected] - Password:
U8G4S13#8Zk$ - Email To:
[email protected]
Targets
-
-
Target
CIMB-Transfer_Advice-202310301849809.exe
-
Size
330KB
-
MD5
bf6133744240674055bdd0b7783cea73
-
SHA1
790fe9b655289c7379cd100d3401a1d08da199e8
-
SHA256
1997d0db749ed1dfc24d90ea0fcf6af634aa34b5bd2b9ad35932493f67e9fdce
-
SHA512
44d63713637a85bf165797063c0e2d49ae42af055b733205acf1c5054573959512f5a4e0f6fcdfed880d46251859c575ca445f0a2aa533a6a57e4a02fe1d219d
-
SSDEEP
6144:MCKABMNiti0sBlU5gKB1lwPnGPLes5sOUvszaMzyMFsPe35bgaG/QQD:MfA6bhu8noLes5sOUvsziML35bgaGT
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-