General
-
Target
c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04.exe
-
Size
589KB
-
Sample
250207-r98qkavpd1
-
MD5
84d8c23ba97d01959bbbcf2643b39c93
-
SHA1
18c4a0f3d086d03b7b43fdf9da23148b69140b54
-
SHA256
c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04
-
SHA512
37330d0c686f116db0b03b76114c412e1b525ab9fe8620fb2c7898a0f9e24c0b1d8c48bc1e6b22f4a2e705c3c4c651fd2d6e7247751bd7b453e0d9955ab42811
-
SSDEEP
12288:jjWa+Rv3h4AXOAmLO27gNAEpHGxrDDpQ37VYD1Gmywi6SAsKHa:QkAya29+HGlDDpKuD16w9sw
Static task
static1
Behavioral task
behavioral1
Sample
c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04.exe
Resource
win10v2004-20250129-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.internationaluniforms.com - Port:
587 - Username:
[email protected] - Password:
New2022! - Email To:
[email protected]
Targets
-
-
Target
c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04.exe
-
Size
589KB
-
MD5
84d8c23ba97d01959bbbcf2643b39c93
-
SHA1
18c4a0f3d086d03b7b43fdf9da23148b69140b54
-
SHA256
c22373df43abb6b72c0399a20f7c1c98c5affe0ca60e545223428aae48c82b04
-
SHA512
37330d0c686f116db0b03b76114c412e1b525ab9fe8620fb2c7898a0f9e24c0b1d8c48bc1e6b22f4a2e705c3c4c651fd2d6e7247751bd7b453e0d9955ab42811
-
SSDEEP
12288:jjWa+Rv3h4AXOAmLO27gNAEpHGxrDDpQ37VYD1Gmywi6SAsKHa:QkAya29+HGlDDpKuD16w9sw
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-