General
-
Target
c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98.exe
-
Size
1.0MB
-
Sample
241002-bzxbsa1arm
-
MD5
704b1f2b6c81c8818755fe4d5fd4536b
-
SHA1
0f517a0459ef86c9193bfde48cfa7c5eb163d2d1
-
SHA256
c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98
-
SHA512
8c2815a2a9ba4d1780ce895164544c2f7beaee5e561cee31fab01b7c7d1a9f7a31aab38776f995f4fe4b538a03379adbb7185f79ccc1869f0172e2f4a25c55e3
-
SSDEEP
12288:HLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QPpGJE/azOtf2xaXmlp4ahrMJATZnvZS:rfmMv6Ckr7Mny5QPi2tUJLkIhoUAB
Static task
static1
Behavioral task
behavioral1
Sample
c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.invesxteu.info - Port:
587 - Username:
[email protected] - Password:
dN2lI9vN9y
Targets
-
-
Target
c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98.exe
-
Size
1.0MB
-
MD5
704b1f2b6c81c8818755fe4d5fd4536b
-
SHA1
0f517a0459ef86c9193bfde48cfa7c5eb163d2d1
-
SHA256
c5f06b67bffb81502ab97255dccad223c62461f932162dca10e6361c07a97f98
-
SHA512
8c2815a2a9ba4d1780ce895164544c2f7beaee5e561cee31fab01b7c7d1a9f7a31aab38776f995f4fe4b538a03379adbb7185f79ccc1869f0172e2f4a25c55e3
-
SSDEEP
12288:HLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QPpGJE/azOtf2xaXmlp4ahrMJATZnvZS:rfmMv6Ckr7Mny5QPi2tUJLkIhoUAB
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-