General
- Target: 1dbb7ac85b473b9e0cc79d2a523e88d98586642e60f3f9b21ba96fd73a1b6703.exe
- Size: 557KB
- Sample: 240626-bftrjsvdqa
- MD5: c6be69441366e75b3df4a9cea4c7545b
- SHA1: 26fa365d7607606558bed622bac78ac5c90aed3a
- SHA256: 1dbb7ac85b473b9e0cc79d2a523e88d98586642e60f3f9b21ba96fd73a1b6703
- SHA512: f15af4c55775dd8623eac9dcc7b85ac29303ec3df056ac237d76e4c9cee513934de483e44f3187940a009c7dc358ff8d5b6f5d624903b5ae8f2e2a98d3d393cb
- SSDEEP: 6144:kdiYBgjxxn1bbti1rMlNPOfgxF9Ld3Bo0f5ofnv+SsR7mO9dsGytWjqbAiZ8Xy7F:kajzn9dRVEvaR7l9dVO
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 1dbb7ac85b473b9e0cc79d2a523e88d98586642e60f3f9b21ba96fd73a1b6703.exe
  - Resource: win7-20240611-en

Behavioral task
- behavioral2
  - Sample: 1dbb7ac85b473b9e0cc79d2a523e88d98586642e60f3f9b21ba96fd73a1b6703.exe
  - Resource: win10v2004-20240611-en
Malware Config
Extracted
- snakekeylogger
  - Protocol: smtp
  - Host: valleycountysar.org
  - Port: 26
  - Username: [email protected]
  - Password: fY,FLoadtsiF
Targets
- Target: 1dbb7ac85b473b9e0cc79d2a523e88d98586642e60f3f9b21ba96fd73a1b6703.exe
- Size: 557KB
- MD5: c6be69441366e75b3df4a9cea4c7545b
- SHA1: 26fa365d7607606558bed622bac78ac5c90aed3a
- SHA256: 1dbb7ac85b473b9e0cc79d2a523e88d98586642e60f3f9b21ba96fd73a1b6703
- SHA512: f15af4c55775dd8623eac9dcc7b85ac29303ec3df056ac237d76e4c9cee513934de483e44f3187940a009c7dc358ff8d5b6f5d624903b5ae8f2e2a98d3d393cb
- SSDEEP: 6144:kdiYBgjxxn1bbti1rMlNPOfgxF9Ld3Bo0f5ofnv+SsR7mO9dsGytWjqbAiZ8Xy7F:kajzn9dRVEvaR7l9dVO
Score: 10/10

Signatures
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables with potential process hooking.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext