General
- Target: 0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0.exe
- Size: 942KB
- Sample: 240504-bex3kshc7x
- MD5: c62da7a3eac6bae78ea8a771faa65d17
- SHA1: 302984629aa44746a3e8b832c4fcacabcc585aaa
- SHA256: 0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0
- SHA512: 8e534c1e0d80757c9b8d02895f67d0ac46c15dd3f5fd418e4482859c8252f64bc0dff4d436da1af81db37d1593a0430d30562e74a1f8e845b030aa4f421c5add
- SSDEEP: 12288:MSYxUeoUKT5lmvV9fGRaBeUBSMUkA4zcL4pLou:gz45lmdlIaHBokA1L4j
Static task: static1
Behavioral task: behavioral1
- Sample: 0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.promaksmakine.com
- Port: 587
- Username: [email protected]
- Password: 16Promaks12!
- Email To: [email protected]
- https://scratchdreams.tk
Targets
- Target: 0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0.exe
Score: 10/10
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables packed with SmartAssembly
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables with potential process hooking
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext