General
-
Target
aedd4f72fbf47730d604f6923ece737d.bin
-
Size
299KB
-
Sample
231107-yxcwpafd7w
-
MD5
aedd4f72fbf47730d604f6923ece737d
-
SHA1
56d94fa9ede964901532f9abe2e9a9badc55e48d
-
SHA256
c839949bc2ef0120313e192d7d13d39fae8fbf993edf477ca2aa074f745709ec
-
SHA512
528115da6ae5567ac7033390a903f23725af1f7f440fac6d4a11226a72f5355578d5bf7bd516f180fc8eb8a59eb6fe463dc1c655a56d5806b348bc71352c40ab
-
SSDEEP
6144:E7i7/EQGESYXT5hbq/Rqr2Z9rv6il5R17+y+NzKJx6vZy9Gy0:E7Aj3q/koyilR+ykoGy0
Static task
static1
Behavioral task
behavioral1
Sample
Vessels details.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Vessels details.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.yandex.com - Port:
587 - Username:
[email protected] - Password:
chijiokejackson121
https://api.telegram.org/bot5206100572:AAFn3MxBuN0bjQhfY8y1ed9Iwi79LyIe75I/sendMessage?chat_id=2135869667
Targets
-
-
Target
Vessels details.exe
-
Size
374KB
-
MD5
015f92c031a3f47dc93b9410a156470b
-
SHA1
bd1ec48f94e2e79e30eed34e146a77e6dc5581f4
-
SHA256
567da55c5a9f89c31cc2e2ca01d9b688f2cf2d9614d93413eb05246a10a626e1
-
SHA512
6c378f61c06562915c21c66eaa2308626565eec7904e19f3a858ba648a192df4d06d9c8e1bd64f2c79a23560bed61d80bffcbf24ba518c894d7f9d7f2b5bcedc
-
SSDEEP
6144:DN7zMdPaeztFrgxaw2ZRZbGAZkMf7tZalavQoXEsYG65ug5hxxQg3NZLM:4ztFU2Z3GYkU7tZalavQwEHbkg3BjM
Score10/10-
Snake Keylogger payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-