General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.7145.3884.exe
-
Size
578KB
-
Sample
231129-ewdbaaec8v
-
MD5
1b4fff675df6cd7b8256b9530d9f2da0
-
SHA1
00e4ceab35ba0ef12a44f560ede6a61d4206619c
-
SHA256
095874a28fb610214b5f0e2cb00246f160d6dfd3eaf8c8a033226e4266668374
-
SHA512
faf119858a053016c038e34d259c74fc730095ca687b7324f8f27fadeac6837034fe07b17f9df66e2a568027e6f525435ce18699703e2d76ba3647966f73ad98
-
SSDEEP
12288:YSncopox4xI1R3r65/aqqLWmeEs2KF36rS3rpf4w6aOmdx:YeF8Fr6b4WmeYuB4w6Rmdx
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.7145.3884.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.7145.3884.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.belt-tech.com.my - Port:
587 - Username:
[email protected] - Password:
Beltechpg@1234 - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.7145.3884.exe
-
Size
578KB
-
MD5
1b4fff675df6cd7b8256b9530d9f2da0
-
SHA1
00e4ceab35ba0ef12a44f560ede6a61d4206619c
-
SHA256
095874a28fb610214b5f0e2cb00246f160d6dfd3eaf8c8a033226e4266668374
-
SHA512
faf119858a053016c038e34d259c74fc730095ca687b7324f8f27fadeac6837034fe07b17f9df66e2a568027e6f525435ce18699703e2d76ba3647966f73ad98
-
SSDEEP
12288:YSncopox4xI1R3r65/aqqLWmeEs2KF36rS3rpf4w6aOmdx:YeF8Fr6b4WmeYuB4w6Rmdx
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-