General
-
Target
c3cddff3ce93f42d93f3134e6c55eec6f0e75f25256ed91b5d8a6e90cecaf8cc.exe
-
Size
1.1MB
-
Sample
240712-xcrnnsxfnh
-
MD5
c55b7e8ee23f98be5f425a283c72af18
-
SHA1
6786ff899c9dd277becbea4ea3dd9b4ea2ac58f2
-
SHA256
c3cddff3ce93f42d93f3134e6c55eec6f0e75f25256ed91b5d8a6e90cecaf8cc
-
SHA512
34a1131b8f8e7901bdf8602293e74f06460fa4ed6ccaa228928920dfb00b14832ef82bd77c46f066636e0d51457f11e3a965d5f2fd4f1277aca658f125f6cdfc
-
SSDEEP
24576:aAHnh+eWsN3skA4RV1Hom2KXMmHaBDMrMhi+/5:th+ZkldoPK8YaBQrZe
Static task
static1
Behavioral task
behavioral1
Sample
c3cddff3ce93f42d93f3134e6c55eec6f0e75f25256ed91b5d8a6e90cecaf8cc.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c3cddff3ce93f42d93f3134e6c55eec6f0e75f25256ed91b5d8a6e90cecaf8cc.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
snakekeylogger
https://scratchdreams.tk
Targets
Score
10/10
-
Snake Keylogger payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-