General
-
Target
new purchase order.exe
-
Size
557KB
-
Sample
240625-j5j8ea1gmk
-
MD5
17a110264eed416c74be361ce17698d1
-
SHA1
7ceb60ab6f0980d2451b46919b2e2a661fb050da
-
SHA256
ee55bc0e99a3c75f30a2cee23b19f17a0b21860b052c9b51ecbc991388b27df6
-
SHA512
fbc0ef2be617afd57bedd133e5bedfe780f19f4edf0e9c64c04651fde93a2656bc964166765a74ed1767b0b701c95b6787e6cbf6f0f3f52a1c7b13d0e96f485f
-
SSDEEP
12288:kajznV3Ni+Q5917k/z60nPfq5S2tVjeyzVE:njznNNi+Q5A/20Pfq5SieyzV
Static task
static1
Behavioral task
behavioral1
Sample
new purchase order.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
new purchase order.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
new purchase order.exe
-
Size
557KB
-
MD5
17a110264eed416c74be361ce17698d1
-
SHA1
7ceb60ab6f0980d2451b46919b2e2a661fb050da
-
SHA256
ee55bc0e99a3c75f30a2cee23b19f17a0b21860b052c9b51ecbc991388b27df6
-
SHA512
fbc0ef2be617afd57bedd133e5bedfe780f19f4edf0e9c64c04651fde93a2656bc964166765a74ed1767b0b701c95b6787e6cbf6f0f3f52a1c7b13d0e96f485f
-
SSDEEP
12288:kajznV3Ni+Q5917k/z60nPfq5S2tVjeyzVE:njznNNi+Q5A/20Pfq5SieyzV
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-