General
-
Target
2311ecd73b56e0729a59883b8aa4f9f6a8344214ccbafcad1dd930b44c4db149
-
Size
485KB
-
Sample
231127-df2hhadh5s
-
MD5
ccc7c6b2200359689b43bfb9c7ba688a
-
SHA1
cc0b4643e00d870b32aa6a9669a30bfcd6073f77
-
SHA256
2311ecd73b56e0729a59883b8aa4f9f6a8344214ccbafcad1dd930b44c4db149
-
SHA512
eb1e4154ea27e15f54473e7e00ecb1874a45786595462325a34c8e318e0965af1b41c701df35455ca5194b7eb8bcd6dceff7e0ce82115c25cdff8da4bf746564
-
SSDEEP
12288:6bezYflL3PIdhKyjgvJ6uSFpoWfXCRCGx:6bebhKy0vcumpvXGx
Static task
static1
Behavioral task
behavioral1
Sample
Product list.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
Product list.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.belt-tech.com.my - Port:
587 - Username:
[email protected] - Password:
Beltechpg@1234 - Email To:
[email protected]
Targets
-
-
Target
Product list.exe
-
Size
503KB
-
MD5
fa80fb2fedf1df252aa7c10c6cf22ff5
-
SHA1
65dbe24bb00dc5278926b1849a1e853d72d6d372
-
SHA256
8c9a2cdbc372e1eb39e247cc1d444c7b97c35061aaf9aa568c421fbc8c0d0cad
-
SHA512
8fe343882e1627d7a9c36809ca051f27f2cd37769fcb0135c076f0173090acbac76cda912bc934d299c5465f7f274ca3e68296b1abadfa0b32141a2c9d25a909
-
SSDEEP
12288:yg72ChrTx3+u+KaqNbXq1o8lIyBnxlQqVMORM:1ngjKaW6dISnxlQqVTR
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-