General
-
Target
f4685f464984ed57ef222aca3a61002432696d6ec8df3b0c1b3bee424054965f
-
Size
550KB
-
Sample
240417-sa3wpsdb49
-
MD5
f4f3f53c773b8a5820df813227936377
-
SHA1
e745fd7a92db2014e560c5975d4fb6a5b3bf4669
-
SHA256
f4685f464984ed57ef222aca3a61002432696d6ec8df3b0c1b3bee424054965f
-
SHA512
01d8e31af597d2acde04c5e3158b11acd2e320aa68cd4d2c93e34310e030c0db3fb9dd734af2fda3d602dcc321061bc3cac57caca2a545d1784ff507edca5c69
-
SSDEEP
12288:fKEhKvphaHKuRai0pwlqXrLzffJYVzgc6gg/W9BU:f/KeKuqq+rLzfRkp6k3U
Static task
static1
Behavioral task
behavioral1
Sample
9a51ed2069f54c90bac392ebb1081aa64dee9c2705df9944bc43db671c87dd94.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
9a51ed2069f54c90bac392ebb1081aa64dee9c2705df9944bc43db671c87dd94.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.alualuminium.com.my - Port:
587 - Username:
admin@alualuminium.com.my - Password:
U8G4S13#8Zk$ - Email To:
ashref.majeed.ctl@gmail.com
http://varders.kozow.com:8081
http://aborters.duckdns.org:8081
http://anotherarmy.dns.army:8081
Targets
-
-
Target
9a51ed2069f54c90bac392ebb1081aa64dee9c2705df9944bc43db671c87dd94.exe
-
Size
735KB
-
MD5
4c386a3d7503f6c5e5bb18ea790839bf
-
SHA1
381687be4488cd4d9057e9f2ee908c4fd6cee57b
-
SHA256
9a51ed2069f54c90bac392ebb1081aa64dee9c2705df9944bc43db671c87dd94
-
SHA512
5cebdb1d62d5a44dbd30990d39a263853d0652f784218c39301c3f2f9963bd1941d88763cfa088ac90535e580aa013ec5faae83400cc2ee54a922390f5e85421
-
SSDEEP
12288:PAS8ufoWOkXnCLBittu4zY6zEsHLc/ZnBxti6t:DpOkgifuWzuCy
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-