General
-
Target
6c2677ed30df0b5fda4e54ad887eed044f4acf8b442e328955e6c592d99b4434
-
Size
478KB
-
Sample
231127-cdrpvadf79
-
MD5
f63e68146edd617de80ec62f95e2a65b
-
SHA1
ffaf7c669d17867e6677508b178a66385a963538
-
SHA256
6c2677ed30df0b5fda4e54ad887eed044f4acf8b442e328955e6c592d99b4434
-
SHA512
e82eff481763ca368ba21e8dc6d6441af95974f269255878a21fa0707a96330acd99c86db3ab0fe6c070a88ff5121f4d74100966d012990a6997e6fd05984b54
-
SSDEEP
12288:Az5ZeEW7g38wH7ChBacYTIyeE4omnjwXQNbVr:yHW7gMwHaacWIybtEVr
Static task
static1
Behavioral task
behavioral1
Sample
Contract.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Contract.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.mct2.co.za - Port:
587 - Username:
[email protected] - Password:
00000
Targets
-
-
Target
Contract.exe
-
Size
493KB
-
MD5
528120e21119abe464179f5ab433a333
-
SHA1
b80f5f12815584bddb246d36427c994629ba5c8e
-
SHA256
24c6082628e6b6daeede59cf5c1f1174a3ab6b3ac7e0d795f8c7c3af490f1940
-
SHA512
749df3aaf9c3ce8bc8bda8e0396da814a29f60390dfc24e1bf7f1b121bda13a4f0de4e95f56f5a539e37fd6b6d2acced75c80e644fcab45fef1a96810d2170c4
-
SSDEEP
12288:IN72CULP2X6Y+zbok1xB9vb5R3GhnEDVXyFRQ4ShjqFB1D:paqbzcUxz2x0CF7D
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-