General
-
Target
55ccad7598111f860115104c3e0b8a2da904937a4b5adc374ff8c9e7399504d4.zip
-
Size
532KB
-
Sample
240524-xft8zafe54
-
MD5
6500287fc155733aa3253857ad6a5349
-
SHA1
a86a94acd102e7c04435fe27e3ec4841fa9efbf1
-
SHA256
55ccad7598111f860115104c3e0b8a2da904937a4b5adc374ff8c9e7399504d4
-
SHA512
69396c8f8c0e6fdfa2407445dde5a0426798f60be36a06b68c32f9caf5f3a874348c73f9feab6b8ffa405a790c0722fef0cee1f6710b9a905c74cda04b524dca
-
SSDEEP
12288:aqHi9G3F+nXXqcU0qQOSxlyohNKUl/um7fKwZhQy1XuBJS+J:a4YsIX6QOSOojKTmDbhHuBJlJ
Static task
static1
Behavioral task
behavioral1
Sample
ORDEN DE COMPRA URGENTEsxlx..exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ORDEN DE COMPRA URGENTEsxlx..exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.gbogboro.com - Port:
587 - Username:
[email protected] - Password:
Egoamaka@123
https://scratchdreams.tk
Targets
-
-
Target
ORDEN DE COMPRA URGENTEsxlx..exe
-
Size
786KB
-
MD5
2eb9d2de619e8593a3f6170e239f63ff
-
SHA1
6922327acc9e107c2473057131238cbc7d47b74b
-
SHA256
0f6d369383b7b52c9973de3c3028f0dcf08726077047e7a39a8e30231c821c2d
-
SHA512
37571a20f840f3ac123719bb651aa1acdbda6eeb56e46f8c985544328e83902feddb9051c3670811252aa9c8824fd34870b744b616f82b928f1e1d89d89f3049
-
SSDEEP
12288:Tx3sR2w1G/XbqcU00QSSFneGjPKK3/m4NfKIHFQM1lCJJV+5:d8CbkQSSIG7KH4tfFbCJJg5
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-