General

Target: b37d2a3bd77f5c2c6cbd59c922b77ed7e75b9e162619ecc1893f07a531bd9fad
Size: 444KB
Sample: 240417-sa4s1adb52
MD5: ff67e53f2955a5ad6fdc24f239925591
SHA1: d898c9cfe2ec0fb233c530f4516b9095c80d477b
SHA256: b37d2a3bd77f5c2c6cbd59c922b77ed7e75b9e162619ecc1893f07a531bd9fad
SHA512: 83a83fdc2193c475e5f146c3ac14594a0b886f63f5b8136c0472d3dae448ad4e35e8501431d0f6d8f67b3d20be9eb83d623cf3a5aedfaf213bcdf9c6245f6c07
SSDEEP: 12288:BY03hFn6KOUNBfBLYVXcsrG+ywndrVlCtTnl:r3hF6TMFeXNGytVk
Static task: static1
Behavioral task: behavioral1
  Sample: 4c91634a53fddb78f1737e66c0c323cdbc8d2e720a14732b8336e449ce062319.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4c91634a53fddb78f1737e66c0c323cdbc8d2e720a14732b8336e449ce062319.exe
  Resource: win10v2004-20240412-en
Malware Config

Extracted: snakekeylogger
  http://varders.kozow.com:8081
  http://aborters.duckdns.org:8081
  http://anotherarmy.dns.army:8081
Targets

Target: 4c91634a53fddb78f1737e66c0c323cdbc8d2e720a14732b8336e449ce062319.exe
Size: 772KB
MD5: 4ea8e0a601af5ddd20cd0be9e8f22006
SHA1: 0f942dd91402219b5c6302bd0e0dd0542f8c6c7b
SHA256: 4c91634a53fddb78f1737e66c0c323cdbc8d2e720a14732b8336e449ce062319
SHA512: e310eb75cd01eae6b4b7bc269f720cb23ed236f80c05103ccc2a95f556cc997232df7d1ac1b2129bbb41de81d50c2490fe23ac7696a726415902ee9164b1dc3f
SSDEEP: 12288:dJpHCmbiNIwPTBpD1tM2MH6YZLuKw3WDJV733EgpA5FhYzO4h:ZCFP1pD1tM2MTZLEd6O
Score: 10/10

- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext
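The extracted config and the behavioral signatures above are what a defender would turn into detection content. The following is an added example, not part of the sandbox report, showing one way to do that: the three extracted URLs are taken from the Malware Config section as-is, while the registry path (Control Panel\International\Geo\Nation), the list of public IP-lookup services, and the JSON event schema are assumptions made for the example (the report does not name the key, the service, or any log format). The telemetry is constructed inline so the script runs offline.

```python
"""Added example: match the indicators on this page against host telemetry.

Not part of the sandbox report. The C2 URLs come from the report's Malware
Config section; everything else (registry key, IP-lookup service list, event
schema, sample events) is an assumption made for this example.
"""
import json
import re
from urllib.parse import urlparse

# Copied verbatim from the report's Malware Config section.
C2_URLS = [
    "http://varders.kozow.com:8081",
    "http://aborters.duckdns.org:8081",
    "http://anotherarmy.dns.army:8081",
]
C2_HOST_PORTS = {(urlparse(u).hostname, urlparse(u).port) for u in C2_URLS}
C2_HOSTNAMES = {host for host, _ in C2_HOST_PORTS}

# Assumption: widely used public IP-lookup services. The report only says
# "a legitimate IP lookup service" without naming it.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}

# Assumption: "checks computer location settings" is a read of the per-user
# country code value under HKCU\Control Panel\International\Geo\Nation.
GEO_KEY_RE = re.compile(r"control panel\\international\\geo\\nation$", re.IGNORECASE)

# Constructed telemetry (EDR-style JSON lines), not real log data.
SAMPLE_LOG = r"""
{"type": "registry_read", "pid": 4321, "target": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"type": "dns_query", "pid": 4321, "query": "checkip.dyndns.org"}
{"type": "network_connect", "pid": 4321, "dest_host": "varders.kozow.com", "dest_port": 8081}
{"type": "network_connect", "pid": 4321, "dest_host": "www.microsoft.com", "dest_port": 443}
{"type": "api_call", "pid": 4321, "api": "SetThreadContext", "target_pid": 5120}
{"type": "registry_read", "pid": 4321, "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}
{"type": "dns_query", "pid": 4321, "query": "aborters.duckdns.org"}
"""


def parse_log(text):
    """Parse one JSON object per non-empty line into a list of events."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def match_event(ev):
    """Return the rule names a single event triggers (possibly none)."""
    rules = []
    kind = ev.get("type")
    if kind == "registry_read" and GEO_KEY_RE.search(ev.get("target", "")):
        rules.append("geofence_country_lookup")
    elif kind == "dns_query":
        query = ev.get("query", "").lower()
        if query in IP_LOOKUP_HOSTS:
            rules.append("external_ip_lookup")
        if query in C2_HOSTNAMES:
            rules.append("c2_domain_resolution")
    elif kind == "network_connect":
        pair = (ev.get("dest_host", "").lower(), ev.get("dest_port"))
        if pair in C2_HOST_PORTS:
            rules.append("c2_connection")
        elif pair[0] in IP_LOOKUP_HOSTS:
            rules.append("external_ip_lookup")
    elif kind == "api_call" and ev.get("api") == "SetThreadContext":
        # Only a cross-process context change is interesting; a process
        # adjusting its own threads is routine.
        if ev.get("target_pid") != ev.get("pid"):
            rules.append("cross_process_thread_context")
    return rules


def detect(events):
    """Map each triggered rule name to the indices of the events that hit it."""
    hits = {}
    for idx, ev in enumerate(events):
        for rule in match_event(ev):
            hits.setdefault(rule, []).append(idx)
    return hits


BEHAVIOURAL_RULES = {
    "geofence_country_lookup",
    "external_ip_lookup",
    "cross_process_thread_context",
}


def verdict(hits):
    """Contact with an extracted C2 host is decisive on its own. The behavioural
    signatures are individually common in benign software (locale reads, IP
    lookups), so two of them are required before flagging."""
    if "c2_connection" in hits or "c2_domain_resolution" in hits:
        return "malicious"
    return "suspicious" if len(BEHAVIOURAL_RULES & hits.keys()) >= 2 else "benign"


if __name__ == "__main__":
    for rule, idxs in sorted(detect(parse_log(SAMPLE_LOG)).items()):
        print(f"{rule}: events {idxs}")
    print("verdict:", verdict(detect(parse_log(SAMPLE_LOG))))
```

On the constructed log the C2 connection and the DNS resolution of a second C2 domain each fire on their own; the registry read, the IP-lookup query and the cross-process SetThreadContext call fire as the three behavioural rules, and the verdict is "malicious" because of the C2 match. The port is part of the C2 match because the extracted config pins all three hosts to 8081; the DNS rule deliberately ignores the port since a resolution carries none.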