General
-
Target
048fca3418b3e42f19ef63f45ab884bfac140ca982a3f7a8f34ccb96a2ca60cc.exe
-
Size
592KB
-
Sample
240517-bdvaasaa91
-
MD5
23a658bdeeeaeb067cb3de4c02084ecf
-
SHA1
53485c0401fa625de7e565d5ce74b171d0bcae0c
-
SHA256
048fca3418b3e42f19ef63f45ab884bfac140ca982a3f7a8f34ccb96a2ca60cc
-
SHA512
431526897f7357e37616adb8bcc7fb5ee8be18f2b3a1a6a96caad5e7ca8f6c02512d8e0714a2f67934f08d4645fa4a373ef265b8a83975ae1cc57b5325ac23ec
-
SSDEEP
12288:X0pei36Rm2ZanQI1cb1Yd4NkOQwnUZA+zEemHn4uQJ:kpp36NIu1YAFQsUZA+aH4uQ
Static task
static1
Behavioral task
behavioral1
Sample
048fca3418b3e42f19ef63f45ab884bfac140ca982a3f7a8f34ccb96a2ca60cc.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
048fca3418b3e42f19ef63f45ab884bfac140ca982a3f7a8f34ccb96a2ca60cc.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.speedhouseoman.com - Port:
587 - Username:
[email protected] - Password:
SpH@0084
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.speedhouseoman.com - Port:
587 - Username:
[email protected] - Password:
SpH@0084
https://scratchdreams.tk
Targets
-
-
Target
048fca3418b3e42f19ef63f45ab884bfac140ca982a3f7a8f34ccb96a2ca60cc.exe
-
Size
592KB
-
MD5
23a658bdeeeaeb067cb3de4c02084ecf
-
SHA1
53485c0401fa625de7e565d5ce74b171d0bcae0c
-
SHA256
048fca3418b3e42f19ef63f45ab884bfac140ca982a3f7a8f34ccb96a2ca60cc
-
SHA512
431526897f7357e37616adb8bcc7fb5ee8be18f2b3a1a6a96caad5e7ca8f6c02512d8e0714a2f67934f08d4645fa4a373ef265b8a83975ae1cc57b5325ac23ec
-
SSDEEP
12288:X0pei36Rm2ZanQI1cb1Yd4NkOQwnUZA+zEemHn4uQJ:kpp36NIu1YAFQsUZA+aH4uQ
-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-