General
-
Target
a516ee0eb4804ca7f6991b4d631305dd3ee0611b9c5612567720e8c403795714.exe
-
Size
1.0MB
-
Sample
241126-dmt21axphq
-
MD5
645b21c9a9f4b1d500e490ea0186cef5
-
SHA1
af4f8a87517cedd096b05ad9819173a28b50816f
-
SHA256
a516ee0eb4804ca7f6991b4d631305dd3ee0611b9c5612567720e8c403795714
-
SHA512
b8d9094e63dfff43101cb4481e97392f71cf11883bbd1818b9a7ca09d76a46b10d75a5ae6d92cc87024b116fdc4f75d6e642cbd53a77f5ee6b101953be66a7b6
-
SSDEEP
24576:dY2YACYOYGYAAYAtY0YHYAkYAtYJYAAYoYA2YRYAUYDYAHkjSjy4s8nY/mCtCA6y:JZpnWmC96kDiy4QTn/
Static task
static1
Behavioral task
behavioral1
Sample
a516ee0eb4804ca7f6991b4d631305dd3ee0611b9c5612567720e8c403795714.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a516ee0eb4804ca7f6991b4d631305dd3ee0611b9c5612567720e8c403795714.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
juguly.shop - Port:
587 - Username:
[email protected] - Password:
rEBS93U9rKLG - Email To:
[email protected]
Targets
-
-
Target
a516ee0eb4804ca7f6991b4d631305dd3ee0611b9c5612567720e8c403795714.exe
-
Size
1.0MB
-
MD5
645b21c9a9f4b1d500e490ea0186cef5
-
SHA1
af4f8a87517cedd096b05ad9819173a28b50816f
-
SHA256
a516ee0eb4804ca7f6991b4d631305dd3ee0611b9c5612567720e8c403795714
-
SHA512
b8d9094e63dfff43101cb4481e97392f71cf11883bbd1818b9a7ca09d76a46b10d75a5ae6d92cc87024b116fdc4f75d6e642cbd53a77f5ee6b101953be66a7b6
-
SSDEEP
24576:dY2YACYOYGYAAYAtY0YHYAkYAtYJYAAYoYA2YRYAUYDYAHkjSjy4s8nY/mCtCA6y:JZpnWmC96kDiy4QTn/
-
Snake Keylogger payload
-
Snakekeylogger family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-