General
Target: 865ece5b40731a1318f488d9011360e3
Size: 650KB
Sample: 240201-j13tyshbel
MD5: 865ece5b40731a1318f488d9011360e3
SHA1: 784f9b865ddec298a8b390f78eec2829db9588ee
SHA256: 41b54ea5a4e4b02d96e09be1bbb655b6c6755c7f5f22fab9e8331e7ce911c010
SHA512: 0988576c80188cfecd55e6214c999311905583770e921bdf4a8d9615e9bda51bd21f3aa03857393dc5e29b64b150cec63cb127f2c5e98f963917810a6dc25bb5
SSDEEP: 6144:IZ+XF7UXdbVNsn3iXqBPRcsH+er3mXoITWxF1JwfBry5nQe+A/:IkXqdbns3iXqPcshrmXZWxJS1y5UA
Static task: static1
Behavioral task: behavioral1
Sample: 865ece5b40731a1318f488d9011360e3.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 865ece5b40731a1318f488d9011360e3.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 25
Username: [email protected]
Password: BkKMmzZ1
Email To: [email protected]
Targets
Score: 10/10
Snake Keylogger payload
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext