General
-
Target
99ff5837aae48213e7a715a46e880fafa35979316a08b9e17b604ef68296c436
-
Size
533KB
-
Sample
231128-m622dshd46
-
MD5
51a38484d620a91ff2953e059e25a66c
-
SHA1
2ff479f1d3ad6ec7c68c1749e464541453d616d4
-
SHA256
99ff5837aae48213e7a715a46e880fafa35979316a08b9e17b604ef68296c436
-
SHA512
303930ae92a5fdcdfb05f43fe50adeedc8c859840186eba4f4e347b0d47d17a04eaa0e7dcbac1689c9feeaed59f81087999dfacfeb5cca4546f96e273752a263
-
SSDEEP
12288:WEDYh2TDvSKzQY6FFz/zvJYGpPkd9vUnzEYWejMDfR8nY6+86qLPo4:RDYhkDvxQFzRJkd96ztWbZ8YeLV
Static task
static1
Behavioral task
behavioral1
Sample
New Po No AB 0571123.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
New Po No AB 0571123.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.belt-tech.com.my - Port:
587 - Username:
[email protected] - Password:
Beltechpg@1234 - Email To:
[email protected]
Targets
-
-
Target
New Po No AB 0571123.exe
-
Size
577KB
-
MD5
a4fa700148049299a5800d542d2691d2
-
SHA1
e1d5d567763ea8586b8d318de20d545ad97d98f6
-
SHA256
f2fd94a4807a949f3a53c1c0bf922d724d3fa0aa9e5a9dd834edbc9187597b84
-
SHA512
faae5801f98ae1fa93a3695be94eef69a2740bd40955e46dbc395588527fb17bc0ce773dcdb7adb8d5fc0cb01ab7eda7c746f64d16b9041da4e80c30011b5a9b
-
SSDEEP
12288:fED71TllYmtlNXItdKTtQ9maIMKlcViQmbCpk:fEDhTllLlRRJQ9LXq
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-