General

Target: e01a751a8d6a089d25eccf34c504a5b0
Size: 644KB
Sample: 240326-zz5vxsfd3z
MD5: e01a751a8d6a089d25eccf34c504a5b0
SHA1: 58198c6cfa650df0609cb1dd931a59ebe6388d0f
SHA256: 524bd24b076dc2580ced18f98ee98ab54d528f5fc8ffe02bdda47fa557feeb3c
SHA512: c83b57f3ae4340f74888a18a7d557157ae339934004febe871fe3df8c7245884b4038957a0487b3d85f52926b8f132284e0052e5017849c49c3103876267c7e0
SSDEEP: 12288:z1/p+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvX6sJD37USqY:TsJDLjqb5cIX5zpwg0srHFD

Static task: static1

Behavioral task: behavioral1
Sample: e01a751a8d6a089d25eccf34c504a5b0.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: e01a751a8d6a089d25eccf34c504a5b0.exe
Resource: win10v2004-20240226-en

Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: webmail.patagoniachileadventures.com
Port: 25
Username: [email protected]
Password: 12345
Email To: [email protected]

Targets
Score: 10/10

- Snake Keylogger payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext