General
Target: 1b9364fda00fef904d7bf2ed18cb60fdcabc78b9b1b586c826752603b3756658
Size: 367KB
Sample: 240417-r9atjaed7z
MD5: 45e75b53fbed9938a1b9ea8b80653ace
SHA1: 9323da48a757b9b5e5c6fbf533f7a31758b42f26
SHA256: 1b9364fda00fef904d7bf2ed18cb60fdcabc78b9b1b586c826752603b3756658
SHA512: 22d74470d0ab582ff906a2fe3fa9a255300b11d611fa6e3c7604eb94c315520bab9f23fad2838a61efaa0666ff60f521945483d3429dd0359a0b34431d3ef1f2
SSDEEP: 6144:PHHZj8LqLFbjFLt8DLuYpPtEOg7ndrkE2jCp6JC5Da/0dvExcaDc4k+GBQ9:PHHhLnLt8DL98zdz2jghJaM1WbDHT
Static task: static1

Behavioral task: behavioral1
Sample: d85b912c5171741966d6c8238db04de39b56ed1b696ccf7a32400d34cd29338c.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: d85b912c5171741966d6c8238db04de39b56ed1b696ccf7a32400d34cd29338c.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted family: snakekeylogger
C2 endpoints:
- http://varders.kozow.com:8081
- http://aborters.duckdns.org:8081
- http://anotherarmy.dns.army:8081
Targets
Target: d85b912c5171741966d6c8238db04de39b56ed1b696ccf7a32400d34cd29338c.exe
Size: 492KB
MD5: eed3180705c584f83fce43b5a89a4d95
SHA1: 7b49f051d5bab815ee88748368fb06ad07ba70a7
SHA256: d85b912c5171741966d6c8238db04de39b56ed1b696ccf7a32400d34cd29338c
SHA512: 3b35e07a6d117700725d1569079eb44dc1fb98189d2fae55b2d9797a29365ef36fe794184561eb429fd0737fabbc2e8a282430a22725558ec7424cbfe06e878e
SSDEEP: 12288:l/ipq9IbMmP2qXTeyOnTYBbsAOvrYfQ6:l/BgMm+qDebGZouQ6
Score: 10/10

Signatures
- Snake Keylogger payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext