General
-
Target
31012025_0153_HTWP0987600.bat.zip
-
Size
441KB
-
Sample
250131-cp6cdazkam
-
MD5
668072283f6b406fe02494d21fee42e3
-
SHA1
1610695b2994f95066b41215fd6c8da65a0ab212
-
SHA256
4ee9edd9ef3a92e65f7db6b1dde1bf67d1b58a79bb47fc26f6c18675baa3ec7f
-
SHA512
998748ba913ca371586034fbcb881c93e71b2779fa35da1c6bcf4e39e7bbc95cced7b8706017e5a24ea65c5c6eeaeca2e9b53dbca6eac78b0a23678592394bf2
-
SSDEEP
12288:VleoPRfYUSNyWWTxa4qJbZbaqcrQk/2O9Jmt1vb8wMBE:ioKLNprJ9aqYQZQ1E
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.daipro.com.mx - Port:
587 - Username:
[email protected] - Password:
DAIpro123** - Email To:
[email protected]
https://scratchdreams.tk
Targets
-
-
Target
HTWP0987600.bat
-
Size
527KB
-
MD5
3f48fc323c58106614bfe2719971411c
-
SHA1
47b50ce885d36c013a43b0cc8c235608277caf7c
-
SHA256
806c4451b1153f5453fdf0a09465a1f82018c3f01b3381a559564143f6d13796
-
SHA512
a1e93d845b9007622f2d634d346754ff1721d4769ce9200ee2902f81e8e51d0d6450fa1105855b143f50567509b9aa43d64d8709ac71ed13575793490a816b27
-
SSDEEP
12288:u6Wq4aaE6KwyF5L0Y2D1PqLQxnE3nmtzvF8wWVa:0thEVaPqLqnVy7a
Score10/10-
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
-
Snake Keylogger payload
-
Snakekeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-