General
-
Target
79f9a890dca13753cad0b7458a60d0d7
-
Size
390KB
-
Sample
240127-mbebvabghj
-
MD5
79f9a890dca13753cad0b7458a60d0d7
-
SHA1
aedbf3a3c146008571b33ba08f062f4bdd7dd4bd
-
SHA256
10409aac92a9511e3dd34d21ada816b3e22c01c188e9cad9128215ebfd6b21fa
-
SHA512
b536a5e68adb41225698eabe0eac9ced62fa1a4ebed2739ad0dc4b8d36b6e9cf8c99f4b60882a66c36ec3f8564fad1a62b2f73e93f8b1424f422141a10aace55
-
SSDEEP
6144:W0C9DLZmKBcgqh3SB+4m9LRDipYeQ93SxN0z16uDutGJwUchrJdc196K:W0GtmKO0+RLIalSQ1gUc/6f6K
Static task
static1
Behavioral task
behavioral1
Sample
79f9a890dca13753cad0b7458a60d0d7.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
79f9a890dca13753cad0b7458a60d0d7.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.azebal.com
Port: 587
Username: [email protected]
Password: xpSbcNC9
Email To: [email protected]
Targets
-
Target
79f9a890dca13753cad0b7458a60d0d7
-
Score
10/10
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-