General
-
Target
z56Contract.exe
-
Size
493KB
-
Sample
231129-rq95aaha2x
-
MD5
528120e21119abe464179f5ab433a333
-
SHA1
b80f5f12815584bddb246d36427c994629ba5c8e
-
SHA256
24c6082628e6b6daeede59cf5c1f1174a3ab6b3ac7e0d795f8c7c3af490f1940
-
SHA512
749df3aaf9c3ce8bc8bda8e0396da814a29f60390dfc24e1bf7f1b121bda13a4f0de4e95f56f5a539e37fd6b6d2acced75c80e644fcab45fef1a96810d2170c4
-
SSDEEP
12288:IN72CULP2X6Y+zbok1xB9vb5R3GhnEDVXyFRQ4ShjqFB1D:paqbzcUxz2x0CF7D
Static task
static1
Behavioral task
behavioral1
Sample
z56Contract.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
z56Contract.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.mct2.co.za - Port:
587 - Username:
[email protected] - Password:
00000
Targets
-
-
Target
z56Contract.exe
-
Size
493KB
-
MD5
528120e21119abe464179f5ab433a333
-
SHA1
b80f5f12815584bddb246d36427c994629ba5c8e
-
SHA256
24c6082628e6b6daeede59cf5c1f1174a3ab6b3ac7e0d795f8c7c3af490f1940
-
SHA512
749df3aaf9c3ce8bc8bda8e0396da814a29f60390dfc24e1bf7f1b121bda13a4f0de4e95f56f5a539e37fd6b6d2acced75c80e644fcab45fef1a96810d2170c4
-
SSDEEP
12288:IN72CULP2X6Y+zbok1xB9vb5R3GhnEDVXyFRQ4ShjqFB1D:paqbzcUxz2x0CF7D
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-