General
Target: z1MB267382625AE.exe
Size: 1.7MB
Sample: 240626-zxqm8awgjm
MD5: f0a7781c9a02f82dbf8da76b84ca87fc
SHA1: d06d67bb9d00f66d0517ffd9d32c703f00b33640
SHA256: cf373d59d88f1f5ef32f5a9f9c39d00cab9d6befc520a851f22580b7b875085b
SHA512: c8eab7b5c6c1d21ac47764ec978fe5b12260fc3f8d4a57a5939bc5d7e0707eee03c1631e1945087d200974e9b0fb621ca739596af9ecf28b47b430b21b0a1beb
SSDEEP: 49152:vOD+bTI6YTDml4HJPHDQkOBU0f9iygcrxZ3aU5ZqIrRo2ht1N1avkoU:uv85H
Static task: static1
Behavioral task: behavioral1
Sample: z1MB267382625AE.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: z1MB267382625AE.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.speedhouseoman.com
Port: 587
Username: [email protected]
Password: SpH@0084
Targets
Target: z1MB267382625AE.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext