General
-
Target
e07f355829788140870b101e94625d62
-
Size
625KB
-
Sample
240327-ccx58scg8x
-
MD5
e07f355829788140870b101e94625d62
-
SHA1
9e22399bbe6232f63d59430ba9c5214b30a1a83f
-
SHA256
02cb785366112aa7f83df7363d3fcf17fe704f1a4938821cd1ea3fa9fce8a701
-
SHA512
4ee66ac7900c5d6fa4ca3a7d786c05ad8a0b35e1fd9fc622c9fdc059b27371b1f3321b17497d582ea199f47c94749a96d8a21b7398e94fa7d3dfec78dd2a47ee
-
SSDEEP
12288:fean0/aOXQ1+PPp8Nyn54A6MP09T9pDEOnbJvubEt5nm1:feN/aBCp/d89T8Gb1y+g
Static task
static1
Behavioral task
behavioral1
Sample
e07f355829788140870b101e94625d62.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e07f355829788140870b101e94625d62.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
jBgPrcvY6 - Email To:
[email protected]
Targets
-
-
Target
e07f355829788140870b101e94625d62
-
Size
625KB
-
MD5
e07f355829788140870b101e94625d62
-
SHA1
9e22399bbe6232f63d59430ba9c5214b30a1a83f
-
SHA256
02cb785366112aa7f83df7363d3fcf17fe704f1a4938821cd1ea3fa9fce8a701
-
SHA512
4ee66ac7900c5d6fa4ca3a7d786c05ad8a0b35e1fd9fc622c9fdc059b27371b1f3321b17497d582ea199f47c94749a96d8a21b7398e94fa7d3dfec78dd2a47ee
-
SSDEEP
12288:fean0/aOXQ1+PPp8Nyn54A6MP09T9pDEOnbJvubEt5nm1:feN/aBCp/d89T8Gb1y+g
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-