General
- Target: e-dekont.exe
- Size: 834KB
- Sample: 240424-fe56eafb32
- MD5: ff53d6a04ea8618890f7a81e31bd8a22
- SHA1: d804959bcb8a2ea43278a1f78aac8abede4fa62f
- SHA256: 5f8e6d5fd79a5a648e42597881ddf5e418be34a81b678b9742fad39d6b74c298
- SHA512: fb1830954a5568b13448fc3326a66b7730081cc432aeca6de3cefde5b3ee7f44a9fe95c8d8ec53bbd293be3f931f0dcc890bf3c612593d07d897c6939cddce45
- SSDEEP: 12288:WUF9WM9gnUHf/6JCh+bLNftlDcaxlCcjbAf:WU2M9gUHf/6tLTlYklCQbA
Static task
- static1

Behavioral task
- behavioral1
  Sample: e-dekont.exe
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: e-dekont.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
- snakekeylogger
  Protocol: smtp
  Host: mail.agmfilter.com
  Port: 587
  Username: s.reyhani@agmfilter.com
  Password: sibelr_63017
  Email To: draftreport@yahoo.com
- https://scratchdreams.tk
Targets
- Target: e-dekont.exe
- Size: 834KB
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext