General
-
Target
c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe
-
Size
1.0MB
-
Sample
241012-qahveswekn
-
MD5
64250fbc0c8194727c46f0a4ab569139
-
SHA1
9f08f52161a6870763b7beae581524f41e4260cb
-
SHA256
c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3
-
SHA512
55f534333a39b36b5e99f551c286282bba7ce346c91014cd42b520471f86dcc5cb4c2681ce6a0e02224f2ae6970fa5d32294ee63839b4a6521914ced8dba0ee4
-
SSDEEP
24576:o5EmXFtKaL4/oFe5T9yyXYfP1ijXdamU3JupouR+:oPVt/LZeJbInQRam9
Static task
static1
Behavioral task
behavioral1
Sample
c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c108c9f1c3c725b221c947df56589449e367a112cc443b4fca8f1b53ec7412c3.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: smtp.skagenships.com
Port: 587
Username: [email protected]
Password: XAqEAz@4
Targets
-
Score
10/10
-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-