General
-
Target
tmpzm9m5tod
-
Size
557KB
-
Sample
240625-gzwcdathph
-
MD5
af9d6f2a166aaabc3b5614ad30fe6777
-
SHA1
9198d11bc2924fa3a5a1df232fff8f36d1dd5d62
-
SHA256
a6740e91697a194c69526e700ed66eeff7f976364511eaaca4adeb62b7b387ec
-
SHA512
6b1ec03a0dc3300a455b897b17783d098f452946280e24f9da0755417f4b07db1079c3d953b8c289334fa2f35cbff8bfc13136f4b0cc62cc334ce11aa9826582
-
SSDEEP
12288:kajzn2qD+5+Sp1FEXPI18GQ/TSVA7T7qoX3Tmq:njznla+SFEA8tLSzGTm
Static task
static1
Behavioral task
behavioral1
Sample
tmpzm9m5tod.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
tmpzm9m5tod.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
tmpzm9m5tod
-
Size
557KB
-
MD5
af9d6f2a166aaabc3b5614ad30fe6777
-
SHA1
9198d11bc2924fa3a5a1df232fff8f36d1dd5d62
-
SHA256
a6740e91697a194c69526e700ed66eeff7f976364511eaaca4adeb62b7b387ec
-
SHA512
6b1ec03a0dc3300a455b897b17783d098f452946280e24f9da0755417f4b07db1079c3d953b8c289334fa2f35cbff8bfc13136f4b0cc62cc334ce11aa9826582
-
SSDEEP
12288:kajzn2qD+5+Sp1FEXPI18GQ/TSVA7T7qoX3Tmq:njznla+SFEA8tLSzGTm
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-