General
-
Target
f22f1ecee8a71492de735330b5edb2c4d003c1797840d33d02d99919c210fa6d
-
Size
543KB
-
Sample
240417-rnq9dsda9t
-
MD5
3d6d01de1aa1a01d59630c8e6ce893b9
-
SHA1
0b47ecd9bbe4ee7be0d8edbf0ac415a949d4d11c
-
SHA256
f22f1ecee8a71492de735330b5edb2c4d003c1797840d33d02d99919c210fa6d
-
SHA512
650bfb2f2a994c5095f581a021c7699d4db62e389495c9a17ed36caf58e1c9330c986ec8196a8f1762afe09b0d8ca64ec81fc95e3c1163c90224fa0b080feed0
-
SSDEEP
12288:27u7QYp6PG0mBX8UgE45qXGZR1K+JtNt5iHOzjiEVhLJxh:AADXX8UgoXE1K+JtNt5COzjiEVTxh
Static task
static1
Behavioral task
behavioral1
Sample
e50903a2738b0e7b900a545e5bd1c8b4e1441fb58dcab2a1065f87bcb08b1dce.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e50903a2738b0e7b900a545e5bd1c8b4e1441fb58dcab2a1065f87bcb08b1dce.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.mct2.co.za
Port: 587
Username: user@mct2.co.za
Password: 00000
Targets
-
Target
e50903a2738b0e7b900a545e5bd1c8b4e1441fb58dcab2a1065f87bcb08b1dce.exe
-
Size
555KB
-
MD5
0550f4043bfb5eec476db7789143027f
-
SHA1
cd2133cad95d2a6a0ef7becfda1ae0de82c63dde
-
SHA256
e50903a2738b0e7b900a545e5bd1c8b4e1441fb58dcab2a1065f87bcb08b1dce
-
SHA512
20b9f4d302e12723ab6ad598907da2654b4de96d71096eb112a92010cff5c565c6c92891b81af16610ed6eb47c55bd1cf5b1d90da359d7e1ad3d85243d4c373e
-
SSDEEP
12288:C5Ujd53LlvOQpVf12L9A6On/eFsjv+mlkH+wjzV+Gj7:+KoQpVff6On/eFsj5bMzV+G
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-