General
-
Target
ed54ab7270f7562ce7953847239b8c4467361c3105a9688942d05bc55a217234
-
Size
1.1MB
-
Sample
241121-wp8x2synfq
-
MD5
50bb47bb771b4140a514b309b643711e
-
SHA1
60ecc3ff6bad5b263313d8c35b91c461b3632d0d
-
SHA256
ed54ab7270f7562ce7953847239b8c4467361c3105a9688942d05bc55a217234
-
SHA512
1a7746b7a6854d372a9ed448ab7746ec8a2ce1009d17a50a1e47a5ce6f983d64308834fc94bf30ceed87303b7507084c690ef12fcb3cfd3484008005ac4a1d51
-
SSDEEP
24576:PgbVReM+Fcmpgk+V41PAEXVz5L/905ipqa6LTlxIL:e/mUO4ErLl08pqu
Static task
static1
Behavioral task
behavioral1
Sample
ed54ab7270f7562ce7953847239b8c4467361c3105a9688942d05bc55a217234.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ed54ab7270f7562ce7953847239b8c4467361c3105a9688942d05bc55a217234.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
juguly.shop - Port:
587 - Username:
[email protected] - Password:
0Rwf4UeVpnUG - Email To:
[email protected]
Targets
-
-
Target
ed54ab7270f7562ce7953847239b8c4467361c3105a9688942d05bc55a217234
-
Size
1.1MB
-
MD5
50bb47bb771b4140a514b309b643711e
-
SHA1
60ecc3ff6bad5b263313d8c35b91c461b3632d0d
-
SHA256
ed54ab7270f7562ce7953847239b8c4467361c3105a9688942d05bc55a217234
-
SHA512
1a7746b7a6854d372a9ed448ab7746ec8a2ce1009d17a50a1e47a5ce6f983d64308834fc94bf30ceed87303b7507084c690ef12fcb3cfd3484008005ac4a1d51
-
SSDEEP
24576:PgbVReM+Fcmpgk+V41PAEXVz5L/905ipqa6LTlxIL:e/mUO4ErLl08pqu
-
Snake Keylogger payload
-
Snakekeylogger family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-