General

Target: PO 965362756.exe
Size: 578KB
Sample: 231130-hqx1aaha3z
MD5: ef0dbd849a17963eeedf4ff16d796f8e
SHA1: 04708245d95f780a6d86c732c22dd5ebb64a258f
SHA256: fcff4f7f64b5242e1df739d339166fe76a88245e3de1ac1a49e5f1649d6dd4ba
SHA512: aefc3efee16c8783819a2d16e64b2b4313ee90fce9083af1562a8df6b8fcf9b03289824ca8732cc1ca8e5c1a500ab94498efbba000d3d000b2f68cb55eb3723f
SSDEEP: 12288:wvcopox4onaEbl8ZSJfhjPysixic0BlK6L0oYkGMnXJeAFBT:Je5ZOfh2ZcBlKf4G+JeA
Static task: static1
Behavioral task: behavioral1
  Sample: PO 965362756.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: PO 965362756.exe
  Resource: win10v2004-20231127-en
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: mail.alualuminium.com.my
Port: 587
Username: [email protected]
Password: U8G4S13#8Zk$
Email To: [email protected]

The sample exfiltrates over SMTP submission (TCP 587) with credentials hardcoded in the binary. For hunting and blocking, the host and port are the usable indicators; the embedded mailbox credentials belong to the operator of that mail server and should be reported to them for revocation, not reused.
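As an added example (not part of the sandbox report), the following Python turns the extracted config above into indicators and checks constructed endpoint connection records against them. The record schema, the process names in the sample records and the MAIL_CLIENTS allow-list are assumptions for the demonstration; the obfuscated "[email protected]" values are kept exactly as the report shows them.

```python
"""Parse the Snake Keylogger SMTP config from the report into indicators and
match constructed connection records against them.

Added example, not report or sandbox code. Record schema, process names and the
MAIL_CLIENTS allow-list are assumptions."""
from dataclasses import dataclass

# Config as extracted in the report; the two address fields are shown obfuscated
# on the page and are left that way here.
EXTRACTED_CONFIG = """snakekeylogger
Protocol: smtp
Host: mail.alualuminium.com.my
Port: 587
Username: [email protected]
Password: U8G4S13#8Zk$
Email To: [email protected]"""

# Assumption: only these images are expected to speak SMTP submission on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_config(text):
    """Parse the first line as the family name and the rest as 'Key: value' pairs."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    cfg = {"family": lines[0]}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        cfg[key.strip().lower().replace(" ", "_")] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


@dataclass
class Flow:
    endpoint: str   # hostname of the machine that made the connection (assumed EDR field)
    image: str      # full path of the originating process
    dst_name: str   # destination hostname
    dst_port: int


def flag_flows(cfg, flows):
    """Return (flow, reason) pairs for records matching the exfil config.

    Two tiers: an exact host:port match is a confirmed hit on this config; any
    SMTP submission from a non-mail-client image is flagged as suspicious so
    that a rebuilt sample pointing at a different mail server is still caught."""
    hits = []
    for f in flows:
        image = f.image.rsplit("\\", 1)[-1].lower()
        if f.dst_name.lower() == cfg["host"].lower() and f.dst_port == cfg["port"]:
            hits.append((f, "confirmed: exfil host from extracted config"))
        elif f.dst_port == cfg["port"] and image not in MAIL_CLIENTS:
            hits.append((f, "suspicious: SMTP submission from non-mail-client image"))
    return hits


# Constructed records for the demonstration.
SAMPLE_FLOWS = [
    Flow("ws01", r"C:\Users\u\Downloads\PO 965362756.exe", "mail.alualuminium.com.my", 587),
    Flow("ws01", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "smtp.office365.com", 587),
    Flow("ws02", r"C:\Users\u\AppData\Roaming\svchost.exe", "mail.example.net", 587),
    Flow("ws02", r"C:\Windows\System32\svchost.exe", "update.example.net", 443),
]

if __name__ == "__main__":
    config = parse_config(EXTRACTED_CONFIG)
    for flow, reason in flag_flows(config, SAMPLE_FLOWS):
        print(f"{flow.endpoint} {flow.image} -> {flow.dst_name}:{flow.dst_port}  {reason}")
```

Running it flags the first record as a confirmed match on the report's host and port, and the third (an unsigned `svchost.exe` copy in a user profile talking SMTP) as suspicious; Outlook's own port 587 traffic and the HTTPS record are left alone.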
Targets

Target: PO 965362756.exe
Size: 578KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above.)
Score: 10/10

- Snake Keylogger payload
- Accesses Microsoft Outlook profiles (the registry-stored mail profiles that credential stealers read to recover saved account details)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (rewriting another process's thread context is the step that process hollowing uses to redirect a suspended child to injected code; the signature does not identify the target process)