General
Target: be1c3157dae47377644ac3bc9fcb301be2365769b69a8282ad71181f05eaee4dexe.exe
Size: 717KB
Sample: 231205-wrnd5adf8v
MD5: 411ee6022b7005ae8e76057377a9a183
SHA1: eda32fd2a813c8539ddaf4f30e99cf215a6f0139
SHA256: be1c3157dae47377644ac3bc9fcb301be2365769b69a8282ad71181f05eaee4d
SHA512: a86976d582f585c54e9e83863ce3eb91f87a241e0fc3681ecd9a813d5a89c22347c17d32c6f0c985969c66d5328bc6e08c5fb763ec9442cd56c3baf42905d95c
SSDEEP: 12288:mfYNr4RDzxP45+po2OAaY9sTtKN+bwLfFN2OuNpEbbaUq+Zb:Izk+pJOO9sZo3Pt+WbbNq+t
Static task: static1
Behavioral task: behavioral1
  Sample: be1c3157dae47377644ac3bc9fcb301be2365769b69a8282ad71181f05eaee4dexe.exe
  Resource: win7-20231201-en
Behavioral task: behavioral2
  Sample: be1c3157dae47377644ac3bc9fcb301be2365769b69a8282ad71181f05eaee4dexe.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.bhojwanindia.com
Port: 587
Username: [email protected]
Password: bombayoffice123
Targets
Target: be1c3157dae47377644ac3bc9fcb301be2365769b69a8282ad71181f05eaee4dexe.exe
Size: 717KB
MD5: 411ee6022b7005ae8e76057377a9a183
SHA1: eda32fd2a813c8539ddaf4f30e99cf215a6f0139
SHA256: be1c3157dae47377644ac3bc9fcb301be2365769b69a8282ad71181f05eaee4d
SHA512: a86976d582f585c54e9e83863ce3eb91f87a241e0fc3681ecd9a813d5a89c22347c17d32c6f0c985969c66d5328bc6e08c5fb763ec9442cd56c3baf42905d95c
SSDEEP: 12288:mfYNr4RDzxP45+po2OAaY9sTtKN+bwLfFN2OuNpEbbaUq+Zb:Izk+pJOO9sZo3Pt+WbbNq+t
Score: 10/10
Signatures:
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext