General
Target: 19aa66f2ca96ec4579ee920e9ec1c73c
Size: 433KB
Sample: 231224-3gxy5sedg5
MD5: 19aa66f2ca96ec4579ee920e9ec1c73c
SHA1: fca845bb38cbd038912a9150566a13f5af2f1d4e
SHA256: e75e132f419523529e59356445a2f5bb1a031281344a85598ba5059e608f8549
SHA512: a3e3e76e3198bccd60d1235c403e108fad8bf674b5cead354b2a0e2e0439a80c13b18065ca41cd674b62599f805a862ab1c704c9ee01f22219c12131cf385581
SSDEEP: 6144:w09XrpG6Bcwqh3SB4Rb3DggpBMDPnGQ5njdynEqLl4p8dVRWuR4AY+SoKm6+hwou:wAdG6OE6YNDPlh43lFVRWuGAYqu
Static task: static1
Behavioral task: behavioral1
Sample: 19aa66f2ca96ec4579ee920e9ec1c73c.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 19aa66f2ca96ec4579ee920e9ec1c73c.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.sayimkalip.com
Port: 587
Username: [email protected]
Password: 3edcvfr4**
Email To: [email protected]
Exfiltration URL: https://api.telegram.org/bot1483662500:AAGrMuxJV05-It-ke-xXVV6-R6IAtETpJb0/sendMessage?chat_id=1300181783
Targets
Score: 10/10
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext