General
-
Target
939cce8a40600bd50790676bd2e4209679963c682bef791613be4a7aea8ce775
-
Size
345KB
-
Sample
240417-r6lfvscg75
-
MD5
51a3ce739d85a71ba527d9f4543b6fbb
-
SHA1
aee9c0eb376036a03a8fb5df2f8bcf7ada78932f
-
SHA256
939cce8a40600bd50790676bd2e4209679963c682bef791613be4a7aea8ce775
-
SHA512
795fd8bb973ec06195618e5ac71a44b452569be0d0ede3721e2cfc356bcb1ed4c85d5e64eef127260a80321675552189957a8173806f4c8362ba952c78d8337e
-
SSDEEP
6144:O05Ln2jXpm6RcEsVPmlGJ20PPtqVzuZXuWbN4kL8sXDCjbQFNVBLMjaXsUIAdjPW:B57yXpm6R0mlGJ2AtqcFuMN4KXDCjbQs
Static task
static1
Behavioral task
behavioral1
Sample
1860fb1b0d09c48a73d706886b6454756c7532f2b9cdd61564a3f79a796784e8.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
1860fb1b0d09c48a73d706886b6454756c7532f2b9cdd61564a3f79a796784e8.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
snakekeylogger
http://varders.kozow.com:8081
http://aborters.duckdns.org:8081
http://anotherarmy.dns.army:8081
Targets
-
-
Target
1860fb1b0d09c48a73d706886b6454756c7532f2b9cdd61564a3f79a796784e8.exe
-
Size
456KB
-
MD5
c65e4e6d369c8f998a827b4a916bb3b0
-
SHA1
fbc169f1791b48ed6a00ea8b91b2e2b32c91b0dd
-
SHA256
1860fb1b0d09c48a73d706886b6454756c7532f2b9cdd61564a3f79a796784e8
-
SHA512
4cbfcbc25e2f69674220fb2c92c8635bfb9736e207a6c583c616ae0ffb43d4762fe02095928ce0c4172de17c1739ad2f1ed03d559996f3428b75aef3693c68e8
-
SSDEEP
6144:48B5BAglMXudWJNwmae2374I1AqS0rFjsEBL8QEDuz0W/IWsL6/my/XsGVvYDf:J53M+dQS4IqNEyQCuz0cxsLktOf
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-