General
Target: 1884a949e9068ffe0dd84be7644cd3a8fe320542252e533ce1d2214f79b50990.exe
Size: 949KB
Sample: 240503-mh147aee55
MD5: d20ba9548abd76ba228729949f845e59
SHA1: 55d97abeb438e0c4aec352523f10ec3c9d773a8c
SHA256: 1884a949e9068ffe0dd84be7644cd3a8fe320542252e533ce1d2214f79b50990
SHA512: b93e904be969091299e76cba66ef8f300fb4867847c579f58f43386f57674049ee0ba743f4a2827b7caf77c924ab840145dab0ab882bd2c2e899dd6f69dcb8b6
SSDEEP: 12288:U1P60g/mCJJLRfimNQUWiUwoZ3VZ5K7nKhFSFlSP:U1PBgeCfRRNVT0nY7nO0l
Static task: static1
Behavioral task: behavioral1
Sample: 1884a949e9068ffe0dd84be7644cd3a8fe320542252e533ce1d2214f79b50990.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 1884a949e9068ffe0dd84be7644cd3a8fe320542252e533ce1d2214f79b50990.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.eraslangroup.net
Port: 587
Username: [email protected]
Password: aHZAyjDK
Email To: [email protected]
https://scratchdreams.tk
Targets
Target: 1884a949e9068ffe0dd84be7644cd3a8fe320542252e533ce1d2214f79b50990.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext