General
- Target: 0d045dd310228dfe9b69eb26ee52a310442b8fda41bf42fe9a1c4eb09abd2e45
- Size: 495KB
- Sample: 240417-r8pw3aed4z
- MD5: 71c38d34855ef4f569ee54639fa013f3
- SHA1: c119b66713ef8a7961be370ad62e3383ce705ad6
- SHA256: 0d045dd310228dfe9b69eb26ee52a310442b8fda41bf42fe9a1c4eb09abd2e45
- SHA512: f3e8ce506bde2b0c7d09523287b3cae37c9da201acbc716d115536cbe8a4b12ecd7f407b2e452469009fbfe786bafd8abdd39ab8b7ef9012ce6a4442b2bcbc3d
- SSDEEP: 12288:oyL77j9Xy2xZF5LW1cDzQj52OLsbMcuygIYgx:3L7l/LiqDX3McC8
Static task: static1
Behavioral task: behavioral1
- Sample: 504e1940bd93e130262a7bd2b15fb622f178e2b533bfb5514ddc860ea164266d.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 504e1940bd93e130262a7bd2b15fb622f178e2b533bfb5514ddc860ea164266d.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.alualuminium.com.my
- Port: 587
- Username: admin@alualuminium.com.my
- Password: U8G4S13#8Zk$
- Email To: ashref.majeed.ctl@gmail.com
- http://varders.kozow.com:8081
- http://aborters.duckdns.org:8081
- http://anotherarmy.dns.army:8081
Targets
- Target: 504e1940bd93e130262a7bd2b15fb622f178e2b533bfb5514ddc860ea164266d.exe
- Size: 540KB
- MD5: 238b899ad206afc5ec899f46b9470430
- SHA1: 3ca07d8621a97a15fbc2ac4c93c8bccce514274a
- SHA256: 504e1940bd93e130262a7bd2b15fb622f178e2b533bfb5514ddc860ea164266d
- SHA512: 891041de24daef90ad7e5468fe059a41a52e1862bf390a0f0cbb50b082bfc90742b9c51072e833fbaf167f9315b2f55118f2cebb08af58890e4beba00b3eed5f
- SSDEEP: 12288:7iCx6cbYvWgWJnJW8RHYdoCeesLRUR47DJ:A4aWr1JXHY6ysLG67F
Score: 10/10
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext