General
-
Target
d80adfb429565563472cc6e9d4fef4b8435c2804ad977c4f4d5452cf5462cb59.exe
-
Size
475KB
-
Sample
231127-vnq56sae66
-
MD5
9176d70680c26f6ecdcaa34176e156cc
-
SHA1
921afd31d5f7acaf2308325346a705d2ca11d18e
-
SHA256
d80adfb429565563472cc6e9d4fef4b8435c2804ad977c4f4d5452cf5462cb59
-
SHA512
bbfeb4ddd91151c735a6dd9e5522f56ae0bd58fd86ae2df9fe7aa0e4ce41cbe15824beb91e6163b4aae47f8327375ea46690d6924c10f625a41cf93adf210bc9
-
SSDEEP
12288:/y8opMEnPv0OxHxsk22oAKXTYLzLFjLm5AbAJzh/j67FEoc05n1F:/FUv/xsk2pcLvFjLmxjEEn0F
Static task
static1
Behavioral task
behavioral1
Sample
d80adfb429565563472cc6e9d4fef4b8435c2804ad977c4f4d5452cf5462cb59.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
d80adfb429565563472cc6e9d4fef4b8435c2804ad977c4f4d5452cf5462cb59.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.mct2.co.za
Port: 587
Username: [email protected]
Password: 00000
Targets
-
-
Target
d80adfb429565563472cc6e9d4fef4b8435c2804ad977c4f4d5452cf5462cb59.exe
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-