General
Target: c62da7a3eac6bae78ea8a771faa65d17.bin
Size: 562KB
Sample: 240505-b7t7dsag4w
MD5: 20518ab7786a1803d4954e9c745c8503
SHA1: 32f71042c189193c696510fad121cb93e856d534
SHA256: 29889dbec35701a2ccd33fd06cb719f0bb29ecec28c1d224166f7ab359cdacf8
SHA512: dcbe8951327a27332bd11dfa17439889992bb2adc4a167f2deb3d2603de0eba010c751c0d333b621eacaa9d7853db76f3125a22f3c38cd881c7562ce2ae7510c
SSDEEP: 12288:1+jOOi01o3RcTcQeWtlAenY/s0VtLwkPDG37UCs5CMT3CKcFEtl:hRdhxWtlAiYNVtLPPDG3ACYL3C6z
Static task: static1
Behavioral task: behavioral1
Sample: 0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.promaksmakine.com
Port: 587
Username: [email protected]
Password: 16Promaks12!
Email To: [email protected]
https://scratchdreams.tk
Targets
Target: 0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0.exe
Size: 942KB
MD5: c62da7a3eac6bae78ea8a771faa65d17
SHA1: 302984629aa44746a3e8b832c4fcacabcc585aaa
SHA256: 0d5548b7d4696c67dba1d5bb827285ed2d3846fd0ad28140c198ad9c467f1bb0
SHA512: 8e534c1e0d80757c9b8d02895f67d0ac46c15dd3f5fd418e4482859c8252f64bc0dff4d436da1af81db37d1593a0430d30562e74a1f8e845b030aa4f421c5add
SSDEEP: 12288:MSYxUeoUKT5lmvV9fGRaBeUBSMUkA4zcL4pLou:gz45lmdlIaHBokA1L4j
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext