General
-
Target
c065acd3ce1ea7f83940aa11836e0d41
-
Size
487KB
-
Sample
231220-rcd5paghd2
-
MD5
c065acd3ce1ea7f83940aa11836e0d41
-
SHA1
16d7757b1e94c4eaaf3e73ae18265d9744c32358
-
SHA256
66b7c995ee00cdd1f2d9d75a8edfb6857f392d212116ff7b8a64e79d273655e8
-
SHA512
26f850b7171a117add93c4ab3845de5d4ff214d8bbc618eaca22f310c2d85060ffcd0f806b00c13c1d407b1333a88ab67692d828815b2dff830bf771b4be1d11
-
SSDEEP
12288:yqIof1TdNZnoHEDEhAGprOESOZy9NDN8wk:lIopkHEDEhfprOEhZip8wk
Static task
static1
Behavioral task
behavioral1
Sample
c065acd3ce1ea7f83940aa11836e0d41.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
c065acd3ce1ea7f83940aa11836e0d41.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: [email protected]
Password: 1Endurance1234
Email To: [email protected]
Targets
-
Target
c065acd3ce1ea7f83940aa11836e0d41
-
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-