General
Target: tmp_g9vg5_r
Size: 630KB
Sample: 240712-t2cdha1fjm
MD5: 8c0f245674a12540750ace4a664f3af6
SHA1: a3809bd7cbc4d0448a6aff8bb3ae6f3b0546017a
SHA256: 76afbad7304f66738d4f26200c7c1eb410a70b0e9a051794d93f836ced3fa387
SHA512: ca611211bcf37fa19070b6e6ae8e42c0aa50b5785b5bf65454834e65ed8432e014e10f4e70405de43c9eadb55dfb752e0caacf8c94927c8340f76f6b73b8d468
SSDEEP: 12288:XvxwRbB0H5KUjUPKCuO+ggobwxF80a/mBPjC:Xvx6bB0ZqAHgDSFa/ojC
Static task: static1
Behavioral task: behavioral1
  Sample: tmp_g9vg5_r.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: tmp_g9vg5_r.exe
  Resource: win10v2004-20240709-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240704-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20240704-en
Behavioral task: behavioral5
  Sample: $PLUGINSDIR/nsExec.dll
  Resource: win7-20240708-en
Behavioral task: behavioral6
  Sample: $PLUGINSDIR/nsExec.dll
  Resource: win10v2004-20240709-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.takween-acad.com
Port: 587
Username: [email protected]
Password: Chelseamel@22
Email To: [email protected]
Targets

Target: tmp_g9vg5_r
Size: 630KB
MD5: 8c0f245674a12540750ace4a664f3af6
SHA1: a3809bd7cbc4d0448a6aff8bb3ae6f3b0546017a
SHA256: 76afbad7304f66738d4f26200c7c1eb410a70b0e9a051794d93f836ced3fa387
SHA512: ca611211bcf37fa19070b6e6ae8e42c0aa50b5785b5bf65454834e65ed8432e014e10f4e70405de43c9eadb55dfb752e0caacf8c94927c8340f76f6b73b8d468
SSDEEP: 12288:XvxwRbB0H5KUjUPKCuO+ggobwxF80a/mBPjC:Xvx6bB0ZqAHgDSFa/ojC
Score: 10/10
- Snake Keylogger payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: bff2a11d26d951ec34679b8fa1ee7192
SHA1: d3de629a5a86ee35b6afa1802f6ac8b141b07062
SHA256: aec5af9c7c551c3590492b0c0120b535b55ab048e84f695b617a5ab4b1a52f54
SHA512: 1dce397c9cab3cd3b58c181688286a89067c743f195403694819c2d988435268ffd01939beaaa17cfa344160c89414f28273b70de154be0def034af8c470723a
SSDEEP: 192:G9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:GJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j
Score: 3/10

Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: fdee755c4987e9859e0eec130ee22efd
SHA1: ba32823881a98da6b92eee1d866be2b3a20c6e5d
SHA256: e18984e78d58b2383f2c1e8ed0000088ee8d9d469345383618f179176fcddff6
SHA512: 31ba3dad22fd9b78ab3f6017c4373c923d048cf0c010900a131c4533ef185d408a88052aa4cf6184dbe484d44aab9cfa94a052185cf0b9ad19286ed921e4723f
SSDEEP: 96:ft4Vl/7Lo1UBrob9ljNEUgD7cyuM1x9XkraK2A2KAB5VVDyssKZ:ft4Vlw1Iul5J8T1vK20I5VVGsb
Score: 3/10