General
Target: 2339e6e1cedb9d0fa09a0322d56c1d6bc2451a27bdadbd3ce16d58dae4825d21
Size: 344KB
Sample: 240417-r9nemaed9z
MD5: 9c333210ce94e82031d035fee7147843
SHA1: 18635407565c40a88d80d065eba84f31fd06e658
SHA256: 2339e6e1cedb9d0fa09a0322d56c1d6bc2451a27bdadbd3ce16d58dae4825d21
SHA512: 1213e6f5dd435610593cf43a7fe3889dd66144867adcc35b8e9cbfb729aa2d37326aaefd3abbee1a43aedbc4a0c29b32b99dbb2b0ea57e2ac2056a0417443874
SSDEEP: 6144:hsrKN28GjFAIzL3y88d+mj6ovyu/k3/5AlN+52jqqHwNwS1k0N21A5Cgpi:vN28pIL3Z80I6oK2XwkQmmTN21A5Cg8
Static task: static1
Behavioral task: behavioral1
  Sample: b8410c46b62f3f4fa0255c4fa37c4899f2fa7ee69883d35bd178e629e2db24db.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: b8410c46b62f3f4fa0255c4fa37c4899f2fa7ee69883d35bd178e629e2db24db.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: snakekeylogger
  http://varders.kozow.com:8081
  http://aborters.duckdns.org:8081
  http://anotherarmy.dns.army:8081
Targets
Target: b8410c46b62f3f4fa0255c4fa37c4899f2fa7ee69883d35bd178e629e2db24db.exe
Size: 430KB
MD5: 26f04ab3380bd390d9b8616812a79aea
SHA1: 1a86d45a3190cfcff773fdb67fa5aca145f67c7c
SHA256: b8410c46b62f3f4fa0255c4fa37c4899f2fa7ee69883d35bd178e629e2db24db
SHA512: 8256aba8b115dc58806e2f2148327123de1379a1b2dbed403cfc0badf8ee65ab9eee8e97022dd23c490df209f863ff17624b0b479bc19b7968a4e74eca6f9452
SSDEEP: 6144:RRGAKmcqrclxtqQ9SUBHWTI3KNkOOXWNlbfA/ZoOJcTg5O33UVuK9Uk/knb/UBUq:9cpkQ9FWTLP/NtI/StTuOzKy1oSsH
Score: 10/10
Snake Keylogger payload
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext