General
-
Target
f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8
-
Size
152KB
-
Sample
241112-kvd43sxres
-
MD5
bceeeaed492e3bd2f71b15db3ef2536f
-
SHA1
ebc1a46040de5d522c9e55ce73c506e82a90812e
-
SHA256
f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8
-
SHA512
9fcae77d636c3d3d6608cadeedcd182996a5a4b9f57e21b02e8fb9d16fa39766059628171021043fff5ef958abe29f763d8f6bb004c62ab30d6146f16e631679
-
SSDEEP
3072:t+XlnyGeKXVgLNIvZImA5b5OsL0wvxdagbY:WnyTkZa5bpjb
Behavioral task
behavioral1
Sample
f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
zulpine.shop - Port:
587 - Username:
[email protected] - Password:
NcYqB4GJZFG3 - Email To:
[email protected]
Targets
-
-
Target
f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8
-
Size
152KB
-
MD5
bceeeaed492e3bd2f71b15db3ef2536f
-
SHA1
ebc1a46040de5d522c9e55ce73c506e82a90812e
-
SHA256
f8e9ed2df6f78492688b594be05172e2fc762ddcd05979ea9a2fd015751578c8
-
SHA512
9fcae77d636c3d3d6608cadeedcd182996a5a4b9f57e21b02e8fb9d16fa39766059628171021043fff5ef958abe29f763d8f6bb004c62ab30d6146f16e631679
-
SSDEEP
3072:t+XlnyGeKXVgLNIvZImA5b5OsL0wvxdagbY:WnyTkZa5bpjb
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-