General
-
Target
PG567777878-H677889978-6G89O9I4567778.exe
-
Size
950KB
-
Sample
241028-wl1r9svbqe
-
MD5
051b32061ee6409bea2940fba5a8cea9
-
SHA1
3ef3be3f05e8f91e0a3c75d59e6c5c2e8506929b
-
SHA256
a75aa2468bedb7ee3e802fe0c238dcb052c988dc2e378b9453060cff70022519
-
SHA512
5e6e110f4e86d32674cc91bf98882a170d0b793401b0004674ba0962579f3ea63a2ab8f4601711c6f591fe2037a3a7581403658d6cca8a16ba3e44b02d7a2c7f
-
SSDEEP
12288:aLkcoxg7v3qnC11ErwIhh0F4qwUgUny5Q4+C3XtZUJbwmOibFc9AFofogsj1opjl:YfmMv6Ckr7Mny5Qp6KJc9AFEoWR
Static task
static1
Behavioral task
behavioral1
Sample
PG567777878-H677889978-6G89O9I4567778.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
PG567777878-H677889978-6G89O9I4567778.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.invesxteu.info - Port:
587 - Username:
[email protected] - Password:
dN2lI9vN9y
Targets
-
-
Target
PG567777878-H677889978-6G89O9I4567778.exe
-
Size
950KB
-
MD5
051b32061ee6409bea2940fba5a8cea9
-
SHA1
3ef3be3f05e8f91e0a3c75d59e6c5c2e8506929b
-
SHA256
a75aa2468bedb7ee3e802fe0c238dcb052c988dc2e378b9453060cff70022519
-
SHA512
5e6e110f4e86d32674cc91bf98882a170d0b793401b0004674ba0962579f3ea63a2ab8f4601711c6f591fe2037a3a7581403658d6cca8a16ba3e44b02d7a2c7f
-
SSDEEP
12288:aLkcoxg7v3qnC11ErwIhh0F4qwUgUny5Q4+C3XtZUJbwmOibFc9AFofogsj1opjl:YfmMv6Ckr7Mny5Qp6KJc9AFEoWR
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-