General
Target: 08052024_1406_08052024_U prilogu je nova lista narudzbi.7z
Size: 383KB
Sample: 240508-relbsaae74
MD5: 7713fc4868a6c80fc2b798adaa2cee56
SHA1: f6de4a0b0a9f2d515fbc9ae885dbc7cff40efa46
SHA256: b6c9d60243374863c35fb2bfbdbc238b55e8fffc405f379f64a63b2ea9e3f1db
SHA512: 86524aa2c0507e2c223a890abf6b4c2dc7dd97108f72a6e91aefab3a4c95f671beeaad40a538d81f8ddb578fd7c400c7079cae88d629c1b3fe37c72a59c6b4a5
SSDEEP: 6144:6gZsERUgNzeXUQVVeLWWklUM7c15nTIlub5kFvA73MtGLyVOgss5HxuV9:6QUgNaXnMLkN7anElW5kFPt+yA30Hgb
Static task: static1
Behavioral task: behavioral1
Sample: U prilogu je nova lista narudzbi.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: U prilogu je nova lista narudzbi.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.gpg.co.ir
Port: 587
Username: [email protected]
Password: goodGod2024?
Email To: [email protected]
https://scratchdreams.tk
Targets
Target: U prilogu je nova lista narudzbi.exe
Size: 882KB
MD5: 2e085ebf8dcf858b5f8e4fd12cd96b23
SHA1: d28c9c4555a704e82c020ebb1115aed8dd866e36
SHA256: 62a97283872ab50c61ba23f69349b8244519cec93a00b7ee244fe58b9a685bbe
SHA512: 9b430e40128e325d5dad45b1df423a3ff99a4e14f1f9c7abf238608b2ca892a060adb9d1ee67406752a8ec48d895097253882d8396b4d23058afa45566b51832
SSDEEP: 24576:/0220C8uECnmUShKoWQST75l0ewPsP/cWUgYdjB/nCiXWT:7L9CIw
Snake Keylogger payload
Drops startup file
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext