General

Target: 791a8a2c3ba4e40f4f39139d7f30a00f
Size: 861KB
Sample: 240127-dh59gabha4
MD5: 791a8a2c3ba4e40f4f39139d7f30a00f
SHA1: d5c65dee4aa562acc1806d734cc74c50d78b674f
SHA256: 728ef2a64a4d0f892eba9c91c7b3cda8d76adb093747a307277807782fb50d8c
SHA512: 3424abb634bd098d9a519284e103f7faa856a43007dab8cbe0930f6ee50e2d77f318fb821107f2fb632761016c1707c44b1d43edc803c49583ae2497016ec537
SSDEEP: 24576:mnoqWjnfp5bSZRoxIAcAyoUBEKcCm9bvjS:tqafptIUpe
Static task: static1

Behavioral task: behavioral1
Sample: DHL Notification-pdf.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: DHL Notification-pdf.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted: snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 25
Username: [email protected]
Password: BkKMmzZ1
Email To: [email protected]
Targets

Target: DHL Notification-pdf.exe
Size: 1.2MB
MD5: 5228ecf840cf5bb8a37af32fdab81fe8
SHA1: 200dc5f0010ce6cc1e27be47f7772b84454794c6
SHA256: 9906d7c05680fc4b3e9c741e5c95d6c8acbd88f7ded4b451270cdfa7c8847c30
SHA512: f709e9e3f5dc74e04c3ad30df96926781a095c29c469b04151d0b17a14fca7ca5167fd7c084ba05e2fdb2082bf45597f06c1449bae2facec1472cbb1a4bbb00b
SSDEEP: 24576:efOsBgo0q4wMiBmCmTOUd+L6kPXWKvjKcnta7IfdHjJ:eWoHM2mCm6Ud+zPXJjjntak5J
Score: 10/10

Signatures:
- Snake Keylogger payload
- CustAttr .NET packer: detects CustAttr .NET packer in memory.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext