General
-
Target
DOCUMENT_10-07-2024.exe
-
Size
2.1MB
-
Sample
240713-nz5z5szbnj
-
MD5
a8df19e9bbcedc6c666143126fc58f82
-
SHA1
81470c0571646dc8193ed37dfac1e90c684ff9ed
-
SHA256
1e2e668213a67dba5e1a30cd974a8a80a9623137fd1abdbf8a18770f25ad1172
-
SHA512
a0c647bcb02de34ad19fd43a11ab584906a870b08291b104fe75c8b7059a9d76dcc255d1b0b641a96df5933fd031ef1e111528ab2aef6fd92a5eef10b894dad4
-
SSDEEP
49152:Uv7j4vyX4NmDVidcQexvxK7aTKRMf4n3ltmaB7kYIVCOanZKXHk:aj418CLGK6KSf4n2e45VlX
Static task
static1
Behavioral task
behavioral1
Sample
DOCUMENT_10-07-2024.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
DOCUMENT_10-07-2024.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.ba-theatre.com - Port:
587 - Username:
[email protected] - Password:
juddba123 - Email To:
[email protected]
Targets
-
-
Target
DOCUMENT_10-07-2024.exe
-
Size
2.1MB
-
MD5
a8df19e9bbcedc6c666143126fc58f82
-
SHA1
81470c0571646dc8193ed37dfac1e90c684ff9ed
-
SHA256
1e2e668213a67dba5e1a30cd974a8a80a9623137fd1abdbf8a18770f25ad1172
-
SHA512
a0c647bcb02de34ad19fd43a11ab584906a870b08291b104fe75c8b7059a9d76dcc255d1b0b641a96df5933fd031ef1e111528ab2aef6fd92a5eef10b894dad4
-
SSDEEP
49152:Uv7j4vyX4NmDVidcQexvxK7aTKRMf4n3ltmaB7kYIVCOanZKXHk:aj418CLGK6KSf4n2e45VlX
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-