General
-
Target
abcc7d5dc77c35bd53867a3694c4d3357e17e3d4a1b9bcfa52ee78b48a01c64d
-
Size
7KB
-
Sample
241204-b3kr6azqgq
-
MD5
22cfe7d8acc1bed51a3934fe28c4025a
-
SHA1
fe802bef1a232c7ec5bdf9cda03a072c60da13c5
-
SHA256
abcc7d5dc77c35bd53867a3694c4d3357e17e3d4a1b9bcfa52ee78b48a01c64d
-
SHA512
7d0e0805f98ecaa48edd6ec414876368f99fe137a6820d6d0a5634718efcdbc32ba255029f37ca27cbf0566c5223b4c3019aa1a41bde80340f7551715a6812df
-
SSDEEP
96:UiPSOGFiruMX5DUrqrj5trZDUWG5IuMX5DUzN8FI8/LiOI8/LvMMnN8UOuMX5DUZ:NLCnXrULZ6O
Static task
static1
Behavioral task
behavioral1
Sample
abcc7d5dc77c35bd53867a3694c4d3357e17e3d4a1b9bcfa52ee78b48a01c64d.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
abcc7d5dc77c35bd53867a3694c4d3357e17e3d4a1b9bcfa52ee78b48a01c64d.js
Resource
win10v2004-20241007-en
Malware Config
Extracted
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
evqqlnwkcmogylje
Extracted
snakekeylogger
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
evqqlnwkcmogylje - Email To:
[email protected]
Targets
-
-
Target
abcc7d5dc77c35bd53867a3694c4d3357e17e3d4a1b9bcfa52ee78b48a01c64d
-
Size
7KB
-
MD5
22cfe7d8acc1bed51a3934fe28c4025a
-
SHA1
fe802bef1a232c7ec5bdf9cda03a072c60da13c5
-
SHA256
abcc7d5dc77c35bd53867a3694c4d3357e17e3d4a1b9bcfa52ee78b48a01c64d
-
SHA512
7d0e0805f98ecaa48edd6ec414876368f99fe137a6820d6d0a5634718efcdbc32ba255029f37ca27cbf0566c5223b4c3019aa1a41bde80340f7551715a6812df
-
SSDEEP
96:UiPSOGFiruMX5DUrqrj5trZDUWG5IuMX5DUzN8FI8/LiOI8/LvMMnN8UOuMX5DUZ:NLCnXrULZ6O
-
Snake Keylogger payload
-
Snakekeylogger family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-