General
-
Target
FATEYU07655700000.exe
-
Size
1.1MB
-
Sample
240410-mqcfsscg43
-
MD5
08e5e7017a40d8322c02f2d3b993624d
-
SHA1
e359655b63f24de274aef8932c096f2e0e1baa1d
-
SHA256
fed609268e1fbbc621e084ce4676924dc13ee5055eb5383e8b57adae9a11631c
-
SHA512
9d49ea2f6c71cc845bcd06d601c400f91e67fc56c262b9d20afa74fd400b83e3da5e7111ead5a52b85f21d13b7fe8c9e10e72bd25c17e8c5058527bc8374d646
-
SSDEEP
24576:HAHnh+eWsN3skA4RV1Hom2KXMmHarir1LuvCCcOSYCvsd5:6h+ZkldoPK8YariPCccCe
Static task
static1
Behavioral task
behavioral1
Sample
FATEYU07655700000.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
FATEYU07655700000.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
https://scratchdreams.tk
Targets
-
-
Target
FATEYU07655700000.exe
-
Score
10/10
-
Snake Keylogger payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-