General
-
Target
cd91a8ee7b116dc8b588c84aee6e5c888d771ed06c21309852d5c8a48cf99a4d.zip
-
Size
292KB
-
Sample
240627-b2ws2ayekn
-
MD5
c56a9cc22ad04dc3bdf92521c8b87e05
-
SHA1
aef16025568b11c1a46f382e69dd3cd4d07ccbef
-
SHA256
cd91a8ee7b116dc8b588c84aee6e5c888d771ed06c21309852d5c8a48cf99a4d
-
SHA512
336aa61920d42de3038227e8d9f1b752032c3db314e3293ad90654d4ec5a6dc11246553dc9bc1060500bc7fef3771865fda68e05ea22c284bfd299f0cb749263
-
SSDEEP
6144:4zor+qlPEUBtBV5F/ARFpF6pnAaggo11o9M7OsxJL6t9ZXjT:68/tEUBrLdAuD/B9MVx9mfX
Static task
static1
Behavioral task
behavioral1
Sample
new purchase order.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
new purchase order.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
new purchase order.exe
-
Size
557KB
-
MD5
17a110264eed416c74be361ce17698d1
-
SHA1
7ceb60ab6f0980d2451b46919b2e2a661fb050da
-
SHA256
ee55bc0e99a3c75f30a2cee23b19f17a0b21860b052c9b51ecbc991388b27df6
-
SHA512
fbc0ef2be617afd57bedd133e5bedfe780f19f4edf0e9c64c04651fde93a2656bc964166765a74ed1767b0b701c95b6787e6cbf6f0f3f52a1c7b13d0e96f485f
-
SSDEEP
12288:kajznV3Ni+Q5917k/z60nPfq5S2tVjeyzVE:njznNNi+Q5A/20Pfq5SieyzV
Score10/10-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-