General
Target: e0b91bf8c3208cf809b8320ae2bc6353
Size: 1.8MB
Sample: 240327-em7hrsfc9s
MD5: e0b91bf8c3208cf809b8320ae2bc6353
SHA1: 1a49d869f20b1579345052b9135deff849e8cd4b
SHA256: 3f934d01d35a6ebc8f94dea5011411c63107b1be65bcea2be90275c845bb9b86
SHA512: c6a449e86991fee3a5e0fc7661a41b685498bd09402608e759d766a971a064dc1b0397ccfa1ac819c0cfbcf6cf873e8739d8398e3107c11142ac4faabe579056
SSDEEP: 24576:v5MI676DO9fx8Dgyfx8Dg9AW9/gOiEpvWnNwDZFSL:vt676858Dgy58DgPoO1BWnCZU
Static task: static1
Behavioral task: behavioral1
Sample: letter of ITB documents.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: letter of ITB documents.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: smtp.fireacoustics.com
Port: 587
Username: [email protected]
Password: _d:rzD~62Jxh
Email To: [email protected]
Targets
Target: letter of ITB documents.exe
Size: 1.2MB
MD5: bdacafc76193287481aacc058157b552
SHA1: 3f07cd8af332cc05e0faffb4b3abc673c1dbae94
SHA256: ddc80f262bf86345a0be3981054a8bcc1b06635e948365ceeb159688afcb51ce
SHA512: 17be9b28d5a2d96e9414b8178589e9e8d0ce159ded86043c1eff061afdd87972fedd3e8e6dcada6dc297706306ce3ee2a10bcd5a86be6bba097c916b125ae172
SSDEEP: 24576:35MI676DO9fx8Dgyfx8Dg9AW9/gOiEpvWnNwDZFSL:3t676858Dgy58DgPoO1BWnCZU
Score: 10/10
Signatures:
Snake Keylogger payload
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext