General
-
Target
40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587.exe
-
Size
807KB
-
Sample
241224-d7neys1mhr
-
MD5
421c6f53652413a316da7e7e0c7f99ad
-
SHA1
3c7cbca25c2d74a9df7eeda6ea76d999357dd7ad
-
SHA256
40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587
-
SHA512
7b7251e78e91c00163547fe26f14d3f4441eb10bcac369cbf913bd1c892028ac145a143072e48a8983cfe33fd125746aa9efc8da9695f9287197171c8694e201
-
SSDEEP
12288:6aMaSzOKy2r7SPNcZoQ1+ssLpdWTDnB75wDR+aPPyA5SnAYKEVotiBVU:5MaSSKy2/SPNw+RLpmnXwRPPyA545/
Static task
static1
Behavioral task
behavioral1
Sample
40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.yulifertilizer.com.my
Port: 25
Username: [email protected]
Password: Ayfc931319*
Email To: [email protected]
Targets
-
Target
40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587.exe
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
Reads Outlook profile data, where saved mail-account credentials are stored; this matches Snake Keylogger's harvesting of email-client credentials alongside browser data.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Setting the thread context of another process is the last step of process hollowing: a process started suspended has its entry point redirected to injected code before it is resumed. Check the same trace for CreateProcess with CREATE_SUSPENDED, WriteProcessMemory and ResumeThread to confirm the pattern.
-
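The extracted SMTP configuration above is the most directly actionable part of this report: any host that talks to the exfil mail server on port 25, especially right after an external-IP lookup, is a likely victim. The following is an added example, not part of the sandbox report or of any analysis tooling, that parses the report's config block into an IOC record, scans constructed firewall-style log lines for those two behaviours, and flags sources that show both. The log format, the log lines, the list of IP-lookup domains (the report does not name the service the sample used) and the function names are all assumptions made for this example; the SHA256 check uses the hash printed in the report.

```python
"""Added example: turn the extracted Snake Keylogger SMTP config into IOCs and
run them over constructed network log lines. Not part of the sandbox report."""
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# SHA256 of the sample as listed in the report, used to confirm file identity
# before trusting the report's indicators against a file you hold.
REPORTED_SHA256 = "40aa4321d9c06e4d3b35fe22feabb2da29d4375f5848fc895bda33bf0eeeb587"

# Config text copied from the report's "Malware Config" section.
EXTRACTED_CONFIG = """Protocol: smtp
Host: mail.yulifertilizer.com.my
Port: 25
Username: [email protected]
Password: Ayfc931319*
Email To: [email protected]
"""

# Assumption: the report only says "a legitimate IP lookup service"; these are
# services commonly abused for that purpose and are listed here as examples.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me"}

# Constructed log lines (assumed format: ts src= dst= dport= [host=]).
# Addresses are from documentation ranges; 10.0.0.17 is the simulated victim.
SAMPLE_LOGS = [
    "2024-12-24T04:10:01Z src=10.0.0.17 dst=198.51.100.8 dport=80 host=checkip.dyndns.org",
    "2024-12-24T04:10:03Z src=10.0.0.17 dst=203.0.113.9 dport=25 host=mail.yulifertilizer.com.my",
    "2024-12-24T04:11:00Z src=10.0.0.22 dst=192.0.2.44 dport=443 host=www.example.com",
    "2024-12-24T04:12:30Z src=10.0.0.31 dst=198.51.100.21 dport=443 host=api.ipify.org",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)(?: host=(?P<host>\S+))?$"
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    recipient: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse 'Key: value' lines of the extracted config into a typed record.
    The password is deliberately not kept; the host/port pair is the IOC."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        recipient=fields["email to"],
    )


Hit = Tuple[str, str, str]  # (source address, indicator name, destination host)


def scan_logs(lines: Iterable[str], cfg: SmtpExfilConfig) -> List[Hit]:
    """Return one hit per log line that matches the SMTP exfil host/port or an
    external-IP lookup service. Falls back to dst address when host= is absent."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host = (m.group("host") or m.group("dst")).lower()
        dport = int(m.group("dport"))
        if host == cfg.host and dport == cfg.port:
            hits.append((m.group("src"), "smtp-exfil", host))
        elif host in IP_LOOKUP_HOSTS:
            hits.append((m.group("src"), "external-ip-lookup", host))
    return hits


def triage(hits: Iterable[Hit]) -> Set[str]:
    """Sources showing both behaviours (IP lookup, then SMTP to the exfil host)
    are high-confidence infections; an IP lookup alone is common benign noise."""
    seen = {}
    for src, indicator, _ in hits:
        seen.setdefault(src, set()).add(indicator)
    return {src for src, inds in seen.items() if {"smtp-exfil", "external-ip-lookup"} <= inds}


def is_reported_sample(data: bytes) -> bool:
    """True when the bytes hash to the SHA256 the report lists for this sample."""
    return hashlib.sha256(data).hexdigest() == REPORTED_SHA256


if __name__ == "__main__":
    config = parse_config(EXTRACTED_CONFIG)
    found = scan_logs(SAMPLE_LOGS, config)
    for hit in found:
        print(hit)
    print("high-confidence victims:", triage(found))
```

Block outbound TCP/25 from workstations and alert on any connection to the exfil host regardless of port; the credential in the config also warrants notifying the mail provider, since the account is being abused as a drop box.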