General
-
Target
8eedf9b52ee1d568c848fbb5c15b0f20bebd0433919b7890f24a6ae61cf9a8ff
-
Size
638KB
-
Sample
241023-26tscawdlp
-
MD5
b724bf637c848bc95d433ec5d6b5cc0c
-
SHA1
cf6b7a922cc27982d4f153a7cfdd832671e836b4
-
SHA256
8eedf9b52ee1d568c848fbb5c15b0f20bebd0433919b7890f24a6ae61cf9a8ff
-
SHA512
3221c9ece2ad2bae3b6c0dc49dcb3026dd20a2725b2ceb74fa352ea744da46133f84fbc621abf858435b9a68af495b2505ac3f743c56c97d38e912073c2132c1
-
SSDEEP
12288:FHuE6AAhZE2I8KwfcjmAkkpZ+Ho/fOicOoCGxLuyNT:YXZEKdfJAkaZ5tcT
Static task
static1
Behavioral task
behavioral1
Sample
8eedf9b52ee1d568c848fbb5c15b0f20bebd0433919b7890f24a6ae61cf9a8ff.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
8eedf9b52ee1d568c848fbb5c15b0f20bebd0433919b7890f24a6ae61cf9a8ff.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.murchisonspice.co.za - Port:
587 - Username:
[email protected] - Password:
orders786q#
Targets
-
-
Target
8eedf9b52ee1d568c848fbb5c15b0f20bebd0433919b7890f24a6ae61cf9a8ff
-
Size
638KB
-
MD5
b724bf637c848bc95d433ec5d6b5cc0c
-
SHA1
cf6b7a922cc27982d4f153a7cfdd832671e836b4
-
SHA256
8eedf9b52ee1d568c848fbb5c15b0f20bebd0433919b7890f24a6ae61cf9a8ff
-
SHA512
3221c9ece2ad2bae3b6c0dc49dcb3026dd20a2725b2ceb74fa352ea744da46133f84fbc621abf858435b9a68af495b2505ac3f743c56c97d38e912073c2132c1
-
SSDEEP
12288:FHuE6AAhZE2I8KwfcjmAkkpZ+Ho/fOicOoCGxLuyNT:YXZEKdfJAkaZ5tcT
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2