General
-
Target
26062024_1627_25062024_MV GOLDEN SCHULTE.zip
-
Size
284KB
-
Sample
240626-tx5t9asera
-
MD5
e1127bad0e642dca95cfaf92ef4ffac8
-
SHA1
323c83cb1bc1b7d987b0948a3d846b5e0e314e59
-
SHA256
30b5c5e17b30ad6a2a65a762683b5b6b74583f2a9cbf731db136874521a6c298
-
SHA512
8b3d589139fc9f2bcaebce8c9c414295cf62de43d46a6c3a71a8846769b4d95f4c88c489495b7b454de5148fd6a7765964de5a8e25edf11922994832a7f83539
-
SSDEEP
6144:D+YmCy3T6IfAhqi1jLIioiKlhupZ2jru15R:D+DCy3irIiPKlhkqI5R
Static task
static1
Behavioral task
behavioral1
Sample
MV GOLDEN SCHULTE.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
MV GOLDEN SCHULTE.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
MV GOLDEN SCHULTE.exe
-
Size
521KB
-
MD5
cb45d49e68b2c594f6c9bcf7edd6481a
-
SHA1
fa05b81dc9b816e4e8dd51349271e8af273b799b
-
SHA256
771049ea28dc7d93076d1019ff573d8ad9a8c47ca8dec2a8c64be18aec259d03
-
SHA512
8538a493ead6c65d2aac98c9b56b53b152e0c1699b88b239597ca16173a6980cc862bdba596807d36075befce7a7e6cf8d3baf2218ecd3a0c95e072f594af695
-
SSDEEP
6144:cTVFZInd6Xcfg9UVFuVqsLSccPNJcnkhcYlEHNLpKJjPh2Lu2GyfyRUoXHO8cZlJ:c5kndm7/L2Pd2WyfyFXH5sJQniP
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-