General
-
Target
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6.zip
-
Size
542KB
-
Sample
231119-zjgs6abd58
-
MD5
e4dc12f9e64e474d6cc2a083cc479f78
-
SHA1
f626a67ee75eba7d17533108a5ec6ec47e337462
-
SHA256
cd5853e5101dc8741e38245db1d64ec5b728c8c7fc1bf7cc13c181dbd45654ad
-
SHA512
79f2a5bfed1b4576a358cfb76b955cdcda6442dc4e9ead95a0411d5b7458150c8c97b7a97404f79a27429369591ffc3daf18ad4bd7fe1f2d9d0df1a91945e62e
-
SSDEEP
12288:1Kp0MTd8Sg+c4WikBGBJ5s6bosAuYdFQHKMZV8:cp0MC+c6kBMJ55aujKMZV8
Static task
static1
Behavioral task
behavioral1
Sample
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.belt-tech.com.my - Port:
587 - Username:
[email protected] - Password:
Beltechpg@1234 - Email To:
[email protected]
Targets
-
-
Target
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6.exe
-
Size
616KB
-
MD5
77521173381682b5a1deb286bce27bf4
-
SHA1
2ad56680cb0c821b18c269c63f4eeeb770140800
-
SHA256
1de5d25aecac6b32b06fe38549376748d098fd43abb5c23f73ee9ddb780080d6
-
SHA512
5366df45795f970f1b17113caf65c1e677b44da372cc85159fc4de4d8d32a08798aa4120cac956014c75fb71fce53ddfe8e76075b66c5f24e50a8f4a12254e53
-
SSDEEP
12288:h36N/bxyuAFnSz0cYMSE7a45naENKqIfPbY9QPNTURftb2pLuxQ:h3gqSznYMP5MbskYVapuQ
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-