General
Target: Inquiry.exe
Size: 518KB
Sample: 231204-v2xj4sdg74
MD5: 59368f7ba4bed4898c8b2f8d4733a5a3
SHA1: f27d60029a8a01c92b61627e9e7867e475f4be32
SHA256: 16146066675c9df7532245c9ae185e23ca948e07f5ecced8747ffa6c400bef61
SHA512: 8bcdf445ad9b4abb624235858bbaeeb2a435656b93750bcbecbde97de5c9eb3639151a861d7ad02b64f3102a32b6510d38dafff581b48375b9e627cad1a58a84
SSDEEP: 12288:245+po2dw7eprMXn1fBIPy8t/Eb50BOo/b/deT:1+pJdw6prMY3/Et0XTde
Static task: static1
Behavioral task: behavioral1
  Sample: Inquiry.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: Inquiry.exe
  Resource: win10v2004-20231201-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.alualuminium.com.my
Port: 587
Username: [email protected]
Password: U8G4S13#8Zk$
Email To: [email protected]
Targets
Target: Inquiry.exe
Size: 518KB
MD5: 59368f7ba4bed4898c8b2f8d4733a5a3
SHA1: f27d60029a8a01c92b61627e9e7867e475f4be32
SHA256: 16146066675c9df7532245c9ae185e23ca948e07f5ecced8747ffa6c400bef61
SHA512: 8bcdf445ad9b4abb624235858bbaeeb2a435656b93750bcbecbde97de5c9eb3639151a861d7ad02b64f3102a32b6510d38dafff581b48375b9e627cad1a58a84
SSDEEP: 12288:245+po2dw7eprMXn1fBIPy8t/Eb50BOo/b/deT:1+pJdw6prMY3/Et0XTde
Score: 10/10
Signatures:
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext