General
-
Target
45a1b2c7883a95776966abbe942254055d36890f9aeaa4c78e18f86046d1600c.exe
-
Size
1024KB
-
Sample
240521-bk433sdf9y
-
MD5
2e488e75f59f35f2a52e403254f6ac4b
-
SHA1
f9631fd13ce8fefe5f1aee7d638fb6e2a4ae9ac1
-
SHA256
45a1b2c7883a95776966abbe942254055d36890f9aeaa4c78e18f86046d1600c
-
SHA512
1df825813bf3e78b2c7f52e3315dffe1906ae61ff168dd834384180b644a73152f0e4e3905859e4511c13c56d654890e8dd34b04140ce93c907a9113c9452271
-
SSDEEP
24576:WSu1S82mBVrIiudqjgKJrgKCC9Uy77C/:WSuU82mTV7gKJNZ9J
Static task
static1
Behavioral task
behavioral1
Sample
45a1b2c7883a95776966abbe942254055d36890f9aeaa4c78e18f86046d1600c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
45a1b2c7883a95776966abbe942254055d36890f9aeaa4c78e18f86046d1600c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.sentecltd.cam - Port:
587 - Username:
[email protected] - Password:
3q^Ckkz$^jkb - Email To:
[email protected]
https://scratchdreams.tk
Targets
-
-
Target
45a1b2c7883a95776966abbe942254055d36890f9aeaa4c78e18f86046d1600c.exe
-
Size
1024KB
-
MD5
2e488e75f59f35f2a52e403254f6ac4b
-
SHA1
f9631fd13ce8fefe5f1aee7d638fb6e2a4ae9ac1
-
SHA256
45a1b2c7883a95776966abbe942254055d36890f9aeaa4c78e18f86046d1600c
-
SHA512
1df825813bf3e78b2c7f52e3315dffe1906ae61ff168dd834384180b644a73152f0e4e3905859e4511c13c56d654890e8dd34b04140ce93c907a9113c9452271
-
SSDEEP
24576:WSu1S82mBVrIiudqjgKJrgKCC9Uy77C/:WSuU82mTV7gKJNZ9J
-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
UPX dump on OEP (original entry point)
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-