General
Target: PO 18291 - PO 18292.exe
Size: 567KB
Sample: 240502-kknkrsfd83
MD5: 1fb717b10b585fdbf8cd3b3ff8df7e2e
SHA1: 8a2884f7a6de3d3b495adf2c35ef52ee76d20287
SHA256: 4ffdb2ec820fcc5ab2bc290fba2917c75d7cc0620beeb8def7bcbe80c31e319a
SHA512: 50639423070015bf5a024e2807866c824833b8b633c20ab56150bbc7a9aa99688f9076cb8f31b07ed3b662758fca36ab6bcc157363534fa8d6cc1c6c92d3e47c
SSDEEP: 12288:6UY2iNdlyvOF3CCzH712fbdq/IJjStjn2v/ZnQ:Q1PlyvON1zH7wsQkT2m

Static task: static1

Behavioral task: behavioral1
Sample: PO 18291 - PO 18292.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: PO 18291 - PO 18292.exe
Resource: win10v2004-20240226-en

Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.ettehadco.com
Port: 587
Username: [email protected]
Password: 1S47f$kWB@2jAt&*R8NA
Email To: [email protected]
https://scratchdreams.tk
Targets
Target: PO 18291 - PO 18292.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext