General
Target: e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120.exe
Size: 687KB
Sample: 240625-ccvp4sxgrm
MD5: 17dbe32cf7729484300fe788aba6988e
SHA1: 2d1ea99bcc2fb89fae2e7fadfd5110e6bf018ad5
SHA256: e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120
SHA512: fe222afbfa6139dbec6fddf7cb27f6dc0ac23ba58d7153db6172d816bf0d45137017277bd875983cf6ed72d8d841c09a2eb64b7143da0a0b7910d64944476a46
SSDEEP: 12288:rmIOdB2g4wmof2NP4T/k4GfX7CtyURiaWVpX1rBhEWIXsnQTN7heJ8Vxfv6j:eFmps/OX7CtbB0l9hzIXFTJhPxHO
Static task: static1
Behavioral task: behavioral1
  Sample: e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: snakekeylogger
  http://103.130.147.85
Targets
Target: e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120.exe
Size: 687KB
MD5: 17dbe32cf7729484300fe788aba6988e
SHA1: 2d1ea99bcc2fb89fae2e7fadfd5110e6bf018ad5
SHA256: e1c4089327fb30ab540a7c2c28603d498c06f09198bd9a092a1e138f95c91120
SHA512: fe222afbfa6139dbec6fddf7cb27f6dc0ac23ba58d7153db6172d816bf0d45137017277bd875983cf6ed72d8d841c09a2eb64b7143da0a0b7910d64944476a46
SSDEEP: 12288:rmIOdB2g4wmof2NP4T/k4GfX7CtyURiaWVpX1rBhEWIXsnQTN7heJ8Vxfv6j:eFmps/OX7CtbB0l9hzIXFTJhPxHO
Score: 10/10
Signatures:
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables packed with SmartAssembly
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables with potential process hooking
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext