General
-
Target
2236-6-0x00000000003F0000-0x0000000000414000-memory.dmp
-
Size
144KB
-
Sample
231120-k1gr6aff7v
-
MD5
94765ae43c715ccfe88e04e40067b784
-
SHA1
ae4d330374e946f5d6606b70b83fef9ba6ca732e
-
SHA256
2d41c6919b1de545b775daf217439b9272a6da5c76488ae53cf2f63b836948f5
-
SHA512
ec021e41191a9b8ee8dd99e23496d1ba7172b3981875ed9ac0a969080d5801865c23e0bb76a1b042facde29c25c501e896a5c2e8a441af57082c77d9cfc0e878
-
SSDEEP
3072:RyryR6uag4XrhnMgUmGoIb7GBwBgxRgbY:lXCJUmGhb0xqb
Behavioral task
behavioral1
Sample
2236-6-0x00000000003F0000-0x0000000000414000-memory.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
2236-6-0x00000000003F0000-0x0000000000414000-memory.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.belt-tech.com.my - Port:
587 - Username:
[email protected] - Password:
Beltechpg@1234 - Email To:
[email protected]
Targets
-
-
Target
2236-6-0x00000000003F0000-0x0000000000414000-memory.dmp
-
Size
144KB
-
MD5
94765ae43c715ccfe88e04e40067b784
-
SHA1
ae4d330374e946f5d6606b70b83fef9ba6ca732e
-
SHA256
2d41c6919b1de545b775daf217439b9272a6da5c76488ae53cf2f63b836948f5
-
SHA512
ec021e41191a9b8ee8dd99e23496d1ba7172b3981875ed9ac0a969080d5801865c23e0bb76a1b042facde29c25c501e896a5c2e8a441af57082c77d9cfc0e878
-
SSDEEP
3072:RyryR6uag4XrhnMgUmGoIb7GBwBgxRgbY:lXCJUmGhb0xqb
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-