General
Target: b879fea99153e5c103ccffab0bbc0bd018c4fd3eb789ccf9f3fbd98d27a241e6
Size: 351KB
Sample: 241223-nxdg4szjar
MD5: 6b3678dbadb71db489f13395f0cb278f
SHA1: ef5439e9f40a116f2c682f619ebe9863d284f429
SHA256: b879fea99153e5c103ccffab0bbc0bd018c4fd3eb789ccf9f3fbd98d27a241e6
SHA512: 3f4fffccac164e413a515b5493dfd5b81d928ea79ade15cadb57d8b496b45e6c70742a32f1a066e41ace7ff7f174fb04c4677d43365d29b73e80145b5e386b2d
SSDEEP: 6144:sBWmwSTfa0nrsUNrDElhjgffwKow3OuZVSvU0fTWa5UDw3wT4Y3l2U/1u5O3IEv5:s/wSTfaWrsUNr0kfXBeu+vtx3oQW1uWh
Static task: static1
Behavioral task: behavioral1
  Sample: MT Eagle Asia 11.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: MT Eagle Asia 11.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.yulifertilizer.com.my
Port: 25
Username: [email protected]
Password: Ayfc931319*
Email To: [email protected]
Targets
Target: MT Eagle Asia 11.exe
Size: 807KB
MD5: 421c6f53652413a316da7e7e0c7f99ad
SHA1: 3c7cbca25c2d74a9df7eeda6ea76d999357dd7ad
SHA256: 40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587
SHA512: 7b7251e78e91c00163547fe26f14d3f4441eb10bcac369cbf913bd1c892028ac145a143072e48a8983cfe33fd125746aa9efc8da9695f9287197171c8694e201
SSDEEP: 12288:6aMaSzOKy2r7SPNcZoQ1+ssLpdWTDnB75wDR+aPPyA5SnAYKEVotiBVU:5MaSSKy2/SPNw+RLpmnXwRPPyA545/
- Snake Keylogger payload
- Snakekeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext