General
Target: Invoice YA 2023.exe
Size: 577KB
Sample: 231130-hqtymagg99
MD5: 2fdd47b3a729217cdd1848ce1d832bd2
SHA1: 80b1f475e7c906927b87b76bea1d72a0ae0ce2c7
SHA256: 855f8c478918d0202a467a90a5ead1be7a4e87e08485106a6a545938979204ac
SHA512: 1036403542f266d9acc5203889fa55cd95d7a11559ce65baf44bdfc2f447a0575a87399067eafa89c15fe8d93fef52b1e1fb046ec388bfdf66076b6e465587e0
SSDEEP: 12288:ANCCCCCCC8CpCPCCsCCOcopox4IpEMEKrMZtn0Mz2YhsDZIwNP:ECCCCCCC8CpCPCCsCCNeiCjP2+sDvNP
Static task: static1
Behavioral task: behavioral1 (Sample: Invoice YA 2023.exe, Resource: win7-20231020-en)
Behavioral task: behavioral2 (Sample: Invoice YA 2023.exe, Resource: win10v2004-20231127-en)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.belt-tech.com.my
Port: 587
Username: [email protected]
Password: Beltechpg@1234
Email To: [email protected]
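The extracted configuration gives a concrete exfiltration channel (SMTP submission to mail.belt-tech.com.my on tcp/587) and the file hashes above give a static match. The following Python is an added example, not part of the sandbox report or the sample: it correlates a DNS lookup of the extracted host with a subsequent tcp/587 connection from the same source, which is less noisy than alerting on any outbound port 587, and checks a file digest against the published hashes. The log line format, the internal hosts, and the documentation-range address 203.0.113.25 standing in for the resolved mail server are all constructed for illustration.

```python
"""Added detection helper built around the indicators extracted on this page.
Not part of the sandbox report or the Snake Keylogger sample; the log format
and every host in SAMPLE_LOGS are constructed for illustration."""

import hashlib
from datetime import datetime, timedelta
from typing import Optional

# Indicators taken from the extracted configuration and hash table on this page.
EXFIL_HOST = "mail.belt-tech.com.my"
EXFIL_PORT = 587
KNOWN_HASHES = {
    "2fdd47b3a729217cdd1848ce1d832bd2",                                   # MD5
    "80b1f475e7c906927b87b76bea1d72a0ae0ce2c7",                           # SHA1
    "855f8c478918d0202a467a90a5ead1be7a4e87e08485106a6a545938979204ac",  # SHA256
}

# Constructed log lines in an assumed, product-neutral format:
#   "<iso-timestamp> dns  <src-ip> <queried-name>"
#   "<iso-timestamp> conn <src-ip> <dst-ip> <dst-port> <proto>"
# 203.0.113.25 is a documentation address standing in for the resolved mail server.
SAMPLE_LOGS = [
    "2023-11-30T08:41:02Z dns  10.0.5.17 login.microsoftonline.com",
    "2023-11-30T08:41:03Z dns  10.0.5.17 mail.belt-tech.com.my",
    "2023-11-30T08:41:04Z conn 10.0.5.17 203.0.113.25 587 tcp",
    "2023-11-30T08:41:05Z conn 10.0.5.22 198.51.100.9 443 tcp",
    "2023-11-30T08:41:09Z conn 10.0.5.22 198.51.100.40 587 tcp",
    "2023-11-30T08:42:10Z conn 10.0.5.17 203.0.113.25 587 tcp",
]


def parse_ts(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing Z (the replace keeps Python < 3.11 happy)."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse_line(line: str) -> Optional[dict]:
    """Split one constructed log line into a dict, or return None if it does not fit the format."""
    parts = line.split()
    if len(parts) >= 4 and parts[1] == "dns":
        return {"ts": parse_ts(parts[0]), "kind": "dns", "src": parts[2], "name": parts[3].lower()}
    if len(parts) >= 6 and parts[1] == "conn":
        return {"ts": parse_ts(parts[0]), "kind": "conn", "src": parts[2],
                "dst": parts[3], "port": int(parts[4]), "proto": parts[5]}
    return None


def detect_exfil(lines, window=timedelta(minutes=5)):
    """Return (src, dns_ts, conn_ts) for each tcp/587 connection that follows a DNS lookup
    of the extracted exfiltration host from the same source within `window`.

    Correlating on source and time is deliberate: the log may not carry the resolved IP,
    and a bare "outbound port 587" match (10.0.5.22 above) is too noisy on its own.
    """
    events = [e for e in (parse_line(line) for line in lines) if e]
    events.sort(key=lambda e: e["ts"])
    hits = []
    for dns in (e for e in events if e["kind"] == "dns" and e["name"] == EXFIL_HOST):
        for conn in events:
            if (conn["kind"] == "conn" and conn["src"] == dns["src"]
                    and conn["port"] == EXFIL_PORT and conn["proto"] == "tcp"
                    and dns["ts"] <= conn["ts"] <= dns["ts"] + window):
                hits.append((conn["src"], dns["ts"].isoformat(), conn["ts"].isoformat()))
    return hits


def is_known_hash(digest: str) -> bool:
    """True if a hex digest (any case, any of MD5/SHA1/SHA256) is one of the sample's published hashes."""
    return digest.strip().lower() in KNOWN_HASHES


def file_matches_sample(data: bytes) -> bool:
    """Hash raw file bytes with SHA-256 and compare against the published value."""
    return is_known_hash(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    for src, dns_ts, conn_ts in detect_exfil(SAMPLE_LOGS):
        print(f"possible Snake Keylogger exfil: {src} resolved {EXFIL_HOST} at {dns_ts}, "
              f"connected to tcp/{EXFIL_PORT} at {conn_ts}")
    print("known hash:", is_known_hash("855F8C478918D0202A467A90A5EAD1BE7A4E87E08485106A6A545938979204AC"))
```

Run against the constructed log, only 10.0.5.17 is reported (twice, once per connection after its lookup); 10.0.5.22 talks to port 587 but never resolved the extracted host, so it is not flagged. The window is the knob to tune: a short one suppresses repeat beacons from the same infection, a long one catches a host that resolved the name and only later sent its first batch of keystrokes.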
Targets
Target: Invoice YA 2023.exe
Size: 577KB
MD5: 2fdd47b3a729217cdd1848ce1d832bd2
SHA1: 80b1f475e7c906927b87b76bea1d72a0ae0ce2c7
SHA256: 855f8c478918d0202a467a90a5ead1be7a4e87e08485106a6a545938979204ac
SHA512: 1036403542f266d9acc5203889fa55cd95d7a11559ce65baf44bdfc2f447a0575a87399067eafa89c15fe8d93fef52b1e1fb046ec388bfdf66076b6e465587e0
SSDEEP: 12288:ANCCCCCCC8CpCPCCsCCOcopox4IpEMEKrMZtn0Mz2YhsDZIwNP:ECCCCCCC8CpCPCCsCCNeiCjP2+sDvNP
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
Outlook profile data holds saved mail account settings and credentials; reading it is consistent with the keylogger's credential-harvesting behaviour.
- Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Rewriting another thread's context is the usual final step of process hollowing, where a suspended process's entry point is redirected to injected code. On its own this is a heuristic, not proof of injection; the sample's other behaviour is what carries the score.