General
Target: DO70976789089.bat
Size: 1.1MB
Sample: 240711-vp753swcrk
MD5: 2713632265334f5787354ca0d66216a6
SHA1: 7327b3348098db8f503c94e0738fbfcba8c86fa7
SHA256: 2378b6646124aefc8b0cc9856e9f155881705ee08a278125bde9e61519df39a6
SHA512: 1ea07ba59d194c89bfb38c2858891af9834bb61e944e3affd08c872c6fbd0670c23f6c8ee62ae513123a205941223982248165497953119ab0fccde27d077d28
SSDEEP: 24576:TAHnh+eWsN3skA4RV1Hom2KXMmHaEJRmFBbxiIaf5:eh+ZkldoPK8YaEXmLz6
Static task: static1
Behavioral task: behavioral1
  Sample: DO70976789089.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: DO70976789089.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted family: snakekeylogger
URL: https://scratchdreams.tk
Targets
Target: DO70976789089.bat
Size: 1.1MB
Score: 10/10
Signatures:
- Snake Keylogger payload
- Drops startup file
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
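The behavioural signatures above are the sandbox's verdicts, not the rules behind them. The following is an added example (not part of the sandbox report or the sandbox's own rule set) showing how an analyst might reproduce the five behavioural signatures over an event stream and check a file against the report's SHA256. The event records are constructed for illustration; the IP-lookup hostnames, Startup-folder and Outlook-profile path patterns, and the dropped filename are assumptions for the example, not values taken from the report. The two static signatures (Snake Keylogger payload, AutoIT Executable) come from static analysis and are not modelled here.

```python
"""Map constructed sandbox-style events to the behavioural signatures listed in the report.

Added example, not part of the sandbox report. Events, hostnames and path
patterns below are constructed/assumed for illustration.
"""
import hashlib
import re

# SHA256 of the analysed sample, copied from the report.
REPORT_SHA256 = "2378b6646124aefc8b0cc9856e9f155881705ee08a278125bde9e61519df39a6"

# Assumed examples of "legitimate IP lookup services"; the report does not name the one used.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com", "icanhazip.com"}

# Assumed pattern for the per-user / all-users Startup folder.
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Start-?up\\", re.IGNORECASE)

# Assumed registry location of Outlook profiles (Office 15.0/16.0 layout).
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles", re.IGNORECASE
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_report_hash(data: bytes) -> bool:
    """True if the bytes hash to the SHA256 the report lists for DO70976789089.bat."""
    return sha256_hex(data) == REPORT_SHA256


def signatures_for(events):
    """Return the set of report signatures the event stream would trigger.

    Each event is a dict with a 'type' and type-specific fields:
      file_write:   path
      proc_create:  image, parent
      reg_access:   key
      http_request: host
      api_call:     name, pid, target_pid
    """
    hits = set()
    written = set()  # paths the sample has written so far (lower-cased)
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            written.add(ev["path"].lower())
            if STARTUP_RE.search(ev["path"]):
                hits.add("Drops startup file")
        elif kind == "proc_create":
            image = ev["image"].lower()
            # Executing an image the sample itself wrote earlier = dropped EXE.
            if image in written and image.endswith(".exe"):
                hits.add("Executes dropped EXE")
        elif kind == "reg_access":
            if OUTLOOK_PROFILE_RE.search(ev["key"]):
                hits.add("Accesses Microsoft Outlook profiles")
        elif kind == "http_request":
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
        elif kind == "api_call":
            # SetThreadContext on a thread in another process is the hollowing/injection indicator.
            if ev["name"] == "SetThreadContext" and ev.get("target_pid") != ev.get("pid"):
                hits.add("Suspicious use of SetThreadContext")
    return hits


# Constructed event stream resembling what the behavioural tasks reported (not real sandbox output).
SAMPLE_EVENTS = [
    {"type": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe"},
    {"type": "proc_create", "image": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe",
     "parent": "DO70976789089.exe"},
    {"type": "file_write",
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropped.vbs"},
    {"type": "reg_access",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "http_request", "host": "checkip.dyndns.org"},
    {"type": "api_call", "name": "SetThreadContext", "pid": 1234, "target_pid": 5678},
]

if __name__ == "__main__":
    for sig in sorted(signatures_for(SAMPLE_EVENTS)):
        print(sig)
```

Feed it real telemetry by translating Sysmon or EDR records into the five event shapes; the order matters for "Executes dropped EXE", which only fires when the write precedes the process creation.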