General
Target: Product list 4894216.exe
Size: 518KB
Sample: 231204-ggshrshc88
MD5: ad765d2ef67e4db961aa06c02b8f25cd
SHA1: 4785d4998971c1719d064f62f7c939064eb7750c
SHA256: 4da4ec8a7a3b648539a6c58926876bd08bafed5329b52e05a0da9d42365ed229
SHA512: 9e1e2208cb7182be4ef2ec3251a97791d5ae39cd2938a54558f3b3c9c76980b3d55dc00c2b88c10fdedd2969476aa8530a5f0e4b359dbceef37e7d41dbb65349
SSDEEP: 12288:H45+po2oe0Qr02iShrPHNKSBZlY7f79reeEmA6:m+pJPdrfiSps7f7pbT9
Static task: static1
Behavioral task: behavioral1
  Sample: Product list 4894216.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: Product list 4894216.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.belt-tech.com.my
Port: 587
Username: [email protected]
Password: Beltechpg@1234
Email To: [email protected]
Targets
Target: Product list 4894216.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext