General
-
Target
3235c0cc1e4c983e8e11ad3f9fe6af66cf5cda2d4f4730f84cd290d877136b6c.exe
-
Size
557KB
-
Sample
240524-bhqgxafh47
-
MD5
7ccea594742ef8616d4329ae4b13d65f
-
SHA1
2cc66eb1781ca1389e5b961f6904ba819770cf62
-
SHA256
3235c0cc1e4c983e8e11ad3f9fe6af66cf5cda2d4f4730f84cd290d877136b6c
-
SHA512
59eef8e1cbedf34393b262f3d84e61a67e552db3ce8d95c492d5559449694d2d6324882c84b844d496b2ae9a7a81dd42df81b6a0a4ff74a8c02e964a680d4a3d
-
SSDEEP
12288:dVTlZnKl3tPs75yJfVtHNrx8ACBUtjKxisU9zJDs1K4YJHg6gi/:nZZKlCYJdBN98AC65izUrow9H+i
Static task
static1
Behavioral task
behavioral1
Sample
3235c0cc1e4c983e8e11ad3f9fe6af66cf5cda2d4f4730f84cd290d877136b6c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3235c0cc1e4c983e8e11ad3f9fe6af66cf5cda2d4f4730f84cd290d877136b6c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.speedhouseoman.com - Port:
587 - Username:
[email protected] - Password:
SpH@0084
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.speedhouseoman.com - Port:
587 - Username:
[email protected] - Password:
SpH@0084
https://scratchdreams.tk
Targets
-
-
Target
3235c0cc1e4c983e8e11ad3f9fe6af66cf5cda2d4f4730f84cd290d877136b6c.exe
-
Size
557KB
-
MD5
7ccea594742ef8616d4329ae4b13d65f
-
SHA1
2cc66eb1781ca1389e5b961f6904ba819770cf62
-
SHA256
3235c0cc1e4c983e8e11ad3f9fe6af66cf5cda2d4f4730f84cd290d877136b6c
-
SHA512
59eef8e1cbedf34393b262f3d84e61a67e552db3ce8d95c492d5559449694d2d6324882c84b844d496b2ae9a7a81dd42df81b6a0a4ff74a8c02e964a680d4a3d
-
SSDEEP
12288:dVTlZnKl3tPs75yJfVtHNrx8ACBUtjKxisU9zJDs1K4YJHg6gi/:nZZKlCYJdBN98AC65izUrow9H+i
-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-