General
- Target: PR6000570.exe
- Size: 687KB
- Sample: 231205-t9qabscd91
- MD5: 77f9482eebf5738fa5794c156d521179
- SHA1: 27412eb4675c9cbcc09e309b30667bfe724276a2
- SHA256: 1868580d2be029a52f049250e2db5d3e54f300bd8004a14f54398be123aaa478
- SHA512: 5ebb5e4e07a1d88daf6e4ea8aab6d8dab9ae84d39e3a4a1d95a17970027a66405e599c0e36e91811f925a298b67006d9f3b2eeb3a0f61e0940a857640b5647ad
- SSDEEP: 12288:IRKE6jD/62iNG5nF88DhobDdfqSgtf6orWVEOeRdWqfK94S7n7hNu:IRKtD/61I5ho35qB6orjREN
Static task: static1
Behavioral task: behavioral1
- Sample: PR6000570.exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: PR6000570.exe
- Resource: win10v2004-20231130-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.udignost.com
- Port: 587
- Username: [email protected]
- Password: 4vzQdA14
- Email To: [email protected]
Targets
- Target: PR6000570.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext