General
-
Target
4816d695d08cdefc6a284fc67cd268ce
-
Size
673KB
-
Sample
231226-bh2vyagghl
-
MD5
4816d695d08cdefc6a284fc67cd268ce
-
SHA1
0cbbc8f5bb8ca25b510ca6262869b85dee2d6675
-
SHA256
9b4bb65e2911db3bbd610b6e098ae4cb0b4aafec0a959609362e72bfe607f7f6
-
SHA512
ab0d0985b888da3a4d9713bf64a17f27002307ae66a092211b18e14bc13fb2a734aac8a3237d3d33ec5e480c6ce12e4386b791d5618dff43a3af8c030837790b
-
SSDEEP
12288:q7k2iNb4sWlkNb0Q/hjFm0nUprCV6qoAddEu/NpRYU:Gk1ysWlkF/XSdGHjddEu/
Static task
static1
Behavioral task
behavioral1
Sample
4816d695d08cdefc6a284fc67cd268ce.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4816d695d08cdefc6a284fc67cd268ce.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
*nGhj2BVAMZC! - Email To:
[email protected]
Targets
-
-
Target
4816d695d08cdefc6a284fc67cd268ce
-
Size
673KB
-
MD5
4816d695d08cdefc6a284fc67cd268ce
-
SHA1
0cbbc8f5bb8ca25b510ca6262869b85dee2d6675
-
SHA256
9b4bb65e2911db3bbd610b6e098ae4cb0b4aafec0a959609362e72bfe607f7f6
-
SHA512
ab0d0985b888da3a4d9713bf64a17f27002307ae66a092211b18e14bc13fb2a734aac8a3237d3d33ec5e480c6ce12e4386b791d5618dff43a3af8c030837790b
-
SSDEEP
12288:q7k2iNb4sWlkNb0Q/hjFm0nUprCV6qoAddEu/NpRYU:Gk1ysWlkF/XSdGHjddEu/
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-