General
- Target: a6273ca99ae2b4151febe90ac335b05b1d918e3a4e3a5b7da1fcd504be4c758e.rar
- Size: 638B
- Sample: 241129-edkmmsyrdj
- MD5: f1144511a96c94fe9426e849b5be031b
- SHA1: c447bd4345b9c643d6376615636531d310fd82af
- SHA256: a6273ca99ae2b4151febe90ac335b05b1d918e3a4e3a5b7da1fcd504be4c758e
- SHA512: cd606b98596b1b50a0bd8501e89ccec8ba00f259921875bdcb3d4400e3e7abcc4d45f711ebc131cce9b2fbb14880574d06d63ffee14997b81288975867f1896f
Static task: static1
Behavioral task: behavioral1
- Sample: Bukti-Transfer.vbe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: Bukti-Transfer.vbe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: evqqlnwkcmogylje
Extracted (snakekeylogger)
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: evqqlnwkcmogylje
- Email To: [email protected]
Targets
- Target: Bukti-Transfer.vbe
- Size: 9KB
- MD5: 3a62dc625d7dd22fd4c2aba6e7058dd4
- SHA1: 2b264827a034a913128d9fb362a3b789005ba4f0
- SHA256: 895e3a8a58ca8d0b65bdb92d181ea4ebd53b479872e75c7455e892b58149cb38
- SHA512: 0872c46046e565a8d0866e95a57a7dd1d9a86e3f17eba48901ffc2d913c598c2b44b4d285c508ade8446ba64de44b00d9baa74a72b59cda506ea58f711145b7f
- SSDEEP: 192:FbmzV2nbm3m6G53Vm6z22m6THZKmQmjFm6TH8Mjm8bDmDj02IbmHKmvFnbmVFxVx:ZFbUIyKLK0LBrqPG
- Snake Keylogger payload
- Snakekeylogger family
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Unsecured Credentials: Credentials In Files: Steal credentials from unsecured files.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.