General
-
Target
c5ed14e8dd6cb2860c6638a80812688b.bin
-
Size
310KB
-
Sample
240624-dzs1gazbmr
-
MD5
bdf7c369cf8a9b6c4fa670ff475c7f2f
-
SHA1
3bc833043e2360fd9b38e462183bab8431e8dc04
-
SHA256
cdde0d6ddd648f965fb2321e542ca279d42c6c395d1b7933a82be46693db3a96
-
SHA512
40584f7cfda0a51438a02900a9e6ca304f1b8116a6fe79d11591151f343882e365b6b35ed0b6993785359343b249aac7c86da8e1a254576d535b2d666655bfe8
-
SSDEEP
6144:fjyH9bl5bTRTMTYzPj7gdq89raamlZ1O8l9xuMtTYjNv60zqs+TUx:fqd2a3g8gI1O87xu+TYD+sB
Static task
static1
Behavioral task
behavioral1
Sample
69ccbe47812c85cd71bf9824e986c439f9b3ae364191b09bff90e8c9b7b8b1ea.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
69ccbe47812c85cd71bf9824e986c439f9b3ae364191b09bff90e8c9b7b8b1ea.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
http://103.130.147.85
Targets
-
-
Target
69ccbe47812c85cd71bf9824e986c439f9b3ae364191b09bff90e8c9b7b8b1ea.exe
-
Size
537KB
-
MD5
c5ed14e8dd6cb2860c6638a80812688b
-
SHA1
00af8c4a13e22816093700587f652d7ea773d62d
-
SHA256
69ccbe47812c85cd71bf9824e986c439f9b3ae364191b09bff90e8c9b7b8b1ea
-
SHA512
1cdbce711cd2341b31674e50ebb6b3261293c4e56a6846791d4ec2cc8d1f792d263ffa81e92a541195ba4b8af2d4268ed2a70ee7374517339a0f750da0d9098d
-
SSDEEP
12288:/tu+p5Q+8bw8e4FZp+nOo5PNkDVgKJv/v+PLuSn:/p5Q+Oe4FZkIv/6LB
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-