General
-
Target
fcbb18ac3efebbcbe42999b718ba2995.bin
-
Size
952KB
-
Sample
231221-d6l6haabh2
-
MD5
94a9758a6310f925a3f6457678053c56
-
SHA1
0720c6e4c8e467693b423d0fa21ac0eab84292f9
-
SHA256
e04168c6b566f3616dc36ea8eae36fa4ca1fc2b11ce02ad2069beddbf7c17761
-
SHA512
bfc140a0e92bd5d27ea01ae8d96c04a3eb963ad1bb7359d29c25c59093c738700c1f50581989509b32d6414f4a0b5fe4dbdd875597a4ae06cc5fa735a65b2553
-
SSDEEP
24576:j5bKynwUf6fjCs+8Ie2+M9+/LGu/tqb3RLkS3UtBER:FznVfqo8nQ+/yubSktBg
Static task
static1
Behavioral task
behavioral1
Sample
1d16237ed75b507f03609ede9722fff429f9a7386c4c4408a9f47623d7a28b50.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1d16237ed75b507f03609ede9722fff429f9a7386c4c4408a9f47623d7a28b50.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
megatechcontrol.com - Port:
587 - Username:
[email protected] - Password:
megatech1#
Targets
-
-
Target
1d16237ed75b507f03609ede9722fff429f9a7386c4c4408a9f47623d7a28b50.exe
-
Size
1.1MB
-
MD5
fcbb18ac3efebbcbe42999b718ba2995
-
SHA1
8771d111792d957cbf775c7eecd743be4b49d0a7
-
SHA256
1d16237ed75b507f03609ede9722fff429f9a7386c4c4408a9f47623d7a28b50
-
SHA512
84ee10f0f75694d3dfca2c67e2899cfc0b31ffb9cdfdd4b8666d8f68ab1acc9be6da02e354a14a070b51ea173b36030e492047df6a1d3f2f5bd1679f817a9cc1
-
SSDEEP
24576:mYrGdfC41+CruFtTRXispYjwLf1JxuAnHWsKjIo1zMh:FZ41+CraTRXikxJsAnHWsKso1zMh
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-