General
Target: pago 4094.r09 (submitted file; .r09 is a RAR multi-volume archive part)
Size: 479KB
Sample: 241214-s6a6kawqhv
MD5: a448bda0002ecd968b6ae9526617c974
SHA1: cf13df73eff74b9ceb6d837c1d7cc9d01fe918db
SHA256: ad24b345eac9876a65fb6b0d2eda0da669c3b23aaa969db9ce913f8a63c0a5f1
SHA512: 2f819a259e875183db1fd4357f94296352f2953a1c1536459d6df625222c19feaa392ccd8d9c3b4051960b5c1095bd06e8f8315b6882ae150f99b813fee83dc2
SSDEEP: 12288:FlVvIQalIT28m/A4CAa0nuRG4XYB5pYGCP5G:Fl5nalyGzBuk4IB5pY7G
Static task
static1

Behavioral tasks
behavioral1: pago 4094.exe on win11-20241007-en
behavioral2: pago 4094.exe on android-33-x64-arm64-20240624-en
behavioral3: pago 4094.exe on ubuntu2204-amd64-20240611-en
Malware Config
Extracted family: snakekeylogger
Exfiltration configuration (the mailbox the keylogger delivers captured data to):
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: info@wso-security.com
Password: UWzDeXWsD8
Targets
Target: pago 4094.exe (extracted from pago 4094.r09)
Size: 528KB
MD5: 1a0f4cc0513f1b56fef01c815410c6ea
SHA1: a663c9ecf8f488d6e07b892165ae0a3712b0e91f
SHA256: d483d48c15f797c92c89d2eafcc9fc7cbe0c02cabe1d9130bb9069e8c897c94c
SHA512: 4251fd4738f6b47a327b1f1d7609aa5af623669734a1fc9ebf5786337d0fbc5142c8176e51f9f2f5869e47bdbbb2f46090f66fb3cea30189d57917b58049f84b
SSDEEP: 12288:PXPZDbCo/k+n70P4uR87fD0iBTJj1ijFDTw:hOz+IPz6/PF1ihDTw

Signatures
Snake Keylogger payload
Snakekeylogger family
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
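The report gives two kinds of indicator a responder can act on: the file hashes of the archive and the payload, and the SMTP host and port the keylogger exfiltrates to. The following script is an added example, not part of the sandbox report: it hashes files the same way the report does (MD5/SHA1/SHA256/SHA512) and matches them against the report's SHA256 values, then scans outbound-connection log lines for the extracted exfiltration host and for any other unexpected port 587 destination. The log format, the workstation names (WS-0417, WS-0233), the destination mail.example.net and the allowlist entry smtp.office365.com are constructed assumptions for the demonstration; SSDEEP comparison is omitted because it needs the non-standard ssdeep package.

```python
"""IOC sweep for the Snake Keylogger indicators listed in this report.

Added example (not part of the sandbox report). Hash values and the
exfiltration host/port are copied from the report; everything else
(log format, hostnames, allowlist) is a constructed assumption.
"""
import hashlib
import re
from pathlib import Path

# Values copied from the report above.
KNOWN_SHA256 = {
    "ad24b345eac9876a65fb6b0d2eda0da669c3b23aaa969db9ce913f8a63c0a5f1": "pago 4094.r09 (submitted archive)",
    "d483d48c15f797c92c89d2eafcc9fc7cbe0c02cabe1d9130bb9069e8c897c94c": "pago 4094.exe (Snake Keylogger payload)",
}
EXFIL_HOST = "us2.smtp.mailhostbox.com"  # from the extracted config
EXFIL_PORT = 587

# Assumption: mail submission hosts your fleet is allowed to talk to directly.
ALLOWED_SUBMISSION_HOSTS = {"smtp.office365.com"}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hashes_of_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def file_hashes(path) -> dict:
    """Stream a file through all four digests at once (one read per chunk)."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def classify_hash(sha256_hex: str):
    """Name the report artefact a SHA256 belongs to, or None if it is unknown."""
    return KNOWN_SHA256.get(sha256_hex.lower())


# Constructed outbound-connection log lines (not from the report); one flow per line.
SAMPLE_LOG = """\
2024-12-14T10:02:11Z host=WS-0417 dst=login.microsoftonline.com:443 proto=tcp
2024-12-14T10:02:19Z host=WS-0417 dst=us2.smtp.mailhostbox.com:587 proto=tcp
2024-12-14T10:03:01Z host=WS-0233 dst=smtp.office365.com:587 proto=tcp
2024-12-14T10:03:27Z host=WS-0233 dst=mail.example.net:587 proto=tcp
2024-12-14T10:03:44Z host=WS-0417 dst=us2.smtp.mailhostbox.com:587 proto=tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) dst=(?P<dst>[^:\s]+):(?P<port>\d+) proto=\S+$"
)


def find_exfil_attempts(log_text: str) -> list:
    """Flag flows to the extracted exfil host ('high') and any other
    SMTP-submission (587) destination outside the allowlist ('review')."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected shape
        dst, port = m["dst"].lower(), int(m["port"])
        if dst == EXFIL_HOST:
            severity = "high"
        elif port == EXFIL_PORT and dst not in ALLOWED_SUBMISSION_HOSTS:
            severity = "review"
        else:
            continue
        hits.append({"ts": m["ts"], "host": m["host"], "dst": dst,
                     "port": port, "severity": severity})
    return hits


if __name__ == "__main__":
    for hit in find_exfil_attempts(SAMPLE_LOG):
        print(f'{hit["severity"]:6} {hit["ts"]} {hit["host"]} -> {hit["dst"]}:{hit["port"]}')
    for path in Path(".").glob("*.exe"):  # sweep the working directory for the payload
        label = classify_hash(file_hashes(path)["sha256"])
        if label:
            print(f"MATCH {path}: {label}")
```

The hash sweep is exact-match only, so a repacked build of the same keylogger will not hit it; the network check is the more durable indicator because the exfiltration mailbox has to stay reachable for the campaign to work, and any direct port 587 connection from an endpoint that should be using the corporate relay is worth a look even when the destination is not the one in this report.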