General
-
Target
642df4734b0600914aa5d9b3fa7c632e1a0a716e40599950241cba6cbf9b516a
-
Size
299KB
-
Sample
250117-de16cazrgk
-
MD5
1bc89e3ae67719f2edd8c959b7e7f897
-
SHA1
2c99e701d0f564356c05c496fe8c7b1d5a9bc0c5
-
SHA256
642df4734b0600914aa5d9b3fa7c632e1a0a716e40599950241cba6cbf9b516a
-
SHA512
7cde725c2e0dfe7bff0613f5dcce7778ee42bf4e83bb3764d8bd0acd533ab4e974ddbfe8796d30c33315ef14242b901a925f5e4931f1b9a7f3d565521c73fc34
-
SSDEEP
6144:MwoMCyEKuuC5KiWYsgmZ5DbTt6wH7kWZENMUDYJ6xB2jPWV/TN:Mw3zEKu9MYsvXTtFHwuEvDOWqu9TN
Static task
static1
Behavioral task
behavioral1
Sample
shipment details.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
shipment details.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
webmail.active.by - Port:
25 - Username:
[email protected] - Password:
geecf683:m - Email To:
[email protected]
Targets
-
-
Target
shipment details.exe
-
Size
577KB
-
MD5
9565fee024eec0caec3277bdfd313f5e
-
SHA1
161249450ebf57ed2ea7f2a5311c875749a7d778
-
SHA256
9781bed51fa317c05bdee10e39bb36691e55217983c133081f757f39e5d2a21d
-
SHA512
0c51b9afd511edac803fc93de945357c24b4d214bd82c071fb22e056670104c310f8ffaa7fc53baab0db522599631cc413997a2336ff96bcc272acd484f47096
-
SSDEEP
12288:ZbRKjP7ne5ewppROaZhPcJH54prTtmPhxo3////rK///I/////qvwt12LXPgX:DKjP7e5ewpaKhPSHWK6////G///I///T
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-