General
-
Target
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6.zip
-
Size
542KB
-
Sample
231119-2dzswsdb8s
-
MD5
04dd171f40543a139913439c14882adf
-
SHA1
c215b0ee43acce5d875336708c1e7a944d8a3b63
-
SHA256
05f1181adeea215bae624fb5dff219361997812a2f2a8930c214993718b71d82
-
SHA512
a12d5744b9d7034e5a4ea6eda2f04d8cec36790355b33faddf88fb44f8ab4b50b20ca7486428880bea4890080af23fef6866f359a940cf97f375d706fc393834
-
SSDEEP
12288:RbRzOmj73Pq6Nuxb3gRclM3qJMnC7fHWVAJ:RVz1HPqYutQSlmnnC7fHWKJ
Static task
static1
Behavioral task
behavioral1
Sample
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.belt-tech.com.my - Port:
587 - Username:
[email protected] - Password:
Beltechpg@1234 - Email To:
[email protected]
Targets
-
-
Target
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6.exe
-
Size
616KB
-
MD5
77521173381682b5a1deb286bce27bf4
-
SHA1
2ad56680cb0c821b18c269c63f4eeeb770140800
-
SHA256
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6
-
SHA512
5366df45795f970f1b17113caf65c1e677b44da372cc85159fc4de4d8d32a08798aa4120cac956014c75fb71fce53ddfe8e76075b66c5f24e50a8f4a12254e53
-
SSDEEP
12288:h36N/bxyuAFnSz0cYMSE7a45naENKqIfPbY9QPNTURftb2pLuxQ:h3gqSznYMP5MbskYVapuQ
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-