General
Target: 452ab69e222c880f6637f943819cfa466df71dac0f1dcfa31e6ba3744a832748.exe
Size: 830KB
Sample: 240508-b8f16aeg55
MD5: 533ffbc1a40a9d13ddb15f7ad5415da5
SHA1: b5b7399ef2bfca57a70fec8ef6ee62843542e587
SHA256: 452ab69e222c880f6637f943819cfa466df71dac0f1dcfa31e6ba3744a832748
SHA512: 6456487bb20f568295d0d226c93b35b4486e49721c50ba59c93cc6657c9afb6099e78ea9565998321190cf05bf236ef48f34913690b96bdfea52c8711b310bb1
SSDEEP: 24576:M0220C8uECnmUShKoWQST75l0ewP+nAvfaWdAyQPCt98dlT:hAvfTQPd9
Static task: static1
Behavioral task: behavioral1
  Sample: 452ab69e222c880f6637f943819cfa466df71dac0f1dcfa31e6ba3744a832748.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 452ab69e222c880f6637f943819cfa466df71dac0f1dcfa31e6ba3744a832748.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.gbogboro.com
Port: 587
Username: [email protected]
Password: Lovelove@123
URL: https://scratchdreams.tk
Targets
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables with potential process hooking
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext