General
Target: 1c75ed246b67d5d73d8116cae91fe71a
Size: 651KB
Sample: 231225-n4p5gsgbem
MD5: 1c75ed246b67d5d73d8116cae91fe71a
SHA1: 1bad67597cf5ba20500beea1df7f6f811d268fef
SHA256: 6c4dce03c2361cd4ce1627de2e6d1ffa328de25fa8510830face0f908f35f0f3
SHA512: 7dec787e585cbf73354e0d3ad2560f94b2e10a7d4c68079f2abcdf8880432ef0cb946dfafc5801ba8bab7575e656c61e5bcdff5a5b46d84847e74fc77bf67a98
SSDEEP: 12288:/qaPU9aPU91wvBE8L7TOsBgo0q4wM3flvoyVb31jwdg4zUc54yG3Bot0M9IbCbU/:/qY7TOsBgo0q4wMtwaLT4zUc54t3OwbV
Static task: static1
Behavioral task: behavioral1
Sample: 1c75ed246b67d5d73d8116cae91fe71a.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 1c75ed246b67d5d73d8116cae91fe71a.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: smtp.fireacoustics.com
Port: 587
Username: [email protected]
Password: _d:rzD~62Jxh
Email To: [email protected]
Targets
Target: 1c75ed246b67d5d73d8116cae91fe71a
Score: 10/10
Signatures:
- Snake Keylogger payload
- CustAttr .NET packer: detects CustAttr .NET packer in memory.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext