General
-
Target
d9167b13f4f747f5e9b18a6688a7064e
-
Size
647KB
-
Sample
231222-sr5fvshagq
-
MD5
d9167b13f4f747f5e9b18a6688a7064e
-
SHA1
a6d4fe1e243c044ebdd87b87112455425cb0ef80
-
SHA256
e984ac49945dcc020a0019a071e0dc28ce80cc0d0047b9933c096cc2217f23b1
-
SHA512
4967510c7a4c2363a29b93fab7e0e3c89cbf157c3ff1547a7febfb87cd514c143c166af9690f565642e52c6ce48c2e7732edc87545290832e4337dfa1043b4cb
-
SSDEEP
6144:zxqsTbYPmKymjG8cea76pONLNSHtS/dntqBekMevgqAvHe:9qmbEm9my8L06pE8atqBekVvp
Static task
static1
Behavioral task
behavioral1
Sample
d9167b13f4f747f5e9b18a6688a7064e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
d9167b13f4f747f5e9b18a6688a7064e.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.simgeasansor.com.tr
Port: 587
Username: [email protected]
Password: C#2epm94
Email To: [email protected]
Targets
-
-
Target
d9167b13f4f747f5e9b18a6688a7064e
-
Score
10/10
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-