General
- Target: 626c1c9397f9088446443d6d1d52f06b
- Size: 363KB
- Sample: 231219-vdthjsbda9
- MD5: 626c1c9397f9088446443d6d1d52f06b
- SHA1: 008d20c888a3a65e050a55391d34f306dbf20fe5
- SHA256: ee80b6540554d916cbb4d9d31b2d9f50e0aa3aa93da96d9bc6a6afb3a9ac0359
- SHA512: 7ecf072499c2db4e0e1b10e3abaf9a8d52ffdd4482f7a93153309a0d68172d4d68fef00cb74eaa9268ba6676fb5ee7935635938a3836c1a11bd735131acd3516
- SSDEEP: 6144:hCYLIwzZEKRv25Q0y3pOhNFFd5sOa7TP+XY:UEPREQ0gpmPFYjN
Static task: static1
Behavioral task: behavioral1
- Sample: 626c1c9397f9088446443d6d1d52f06b.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 626c1c9397f9088446443d6d1d52f06b.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.erfix.com.tr
- Port: 587
- Username: [email protected]
- Password: 34@Erglgrp
- Email To: [email protected]
Targets
- Target: 626c1c9397f9088446443d6d1d52f06b (363KB; hashes as listed under General)
Score: 10/10
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext