General
- Target: 0d269c5bad8cff20c0b755f7fc1f712f92bf8344590f68c42e120d1c20d3cadd.exe
- Size: 570KB
- Sample: 231127-vk8aaaae4s
- MD5: 5051aaf777adf442078cc253bd9b8cf0
- SHA1: 2354257cf3d4ba747ad0546744e01508dc23b9a5
- SHA256: 0d269c5bad8cff20c0b755f7fc1f712f92bf8344590f68c42e120d1c20d3cadd
- SHA512: 6ffcf31ca275f4974436304bad19a7c02d7b0832792cc3a978536c1a71d7b2b10acf68a5d2dfa918a54643fd5bebf215e26e39a36d4924d750019133b868a3fb
- SSDEEP: 12288:8E6jD/f0WocBQBc9YsGSlwdh7CqYkMt9ENzr:8tD/CcBDfGSlwdi9ENr
Static task: static1
Behavioral task: behavioral1
  Sample: 0d269c5bad8cff20c0b755f7fc1f712f92bf8344590f68c42e120d1c20d3cadd.exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: 0d269c5bad8cff20c0b755f7fc1f712f92bf8344590f68c42e120d1c20d3cadd.exe
  Resource: win10v2004-20231023-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.alualuminium.com.my
Port: 587
Username: [email protected]
Password: U8G4S13#8Zk$
Email To: [email protected]
Targets
- Target: 0d269c5bad8cff20c0b755f7fc1f712f92bf8344590f68c42e120d1c20d3cadd.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext