General
-
Target
f2101696ff6fb8e2171fe666df358500c675246fcbdf4620fe2961be8e5fb316.exe
-
Size
521KB
-
Sample
240627-b66h2awemf
-
MD5
a62161fb37a0da7fbfb3913ce4aecb2c
-
SHA1
2d994e85cf444c5b784d55a52c676b9773b27758
-
SHA256
f2101696ff6fb8e2171fe666df358500c675246fcbdf4620fe2961be8e5fb316
-
SHA512
bc08e560c8cc81c3cce3e2f33d3991e87fc27e4e5473fdb149698cad34a9c7dfbb47e75fdce2e263a0385368090e8a99eeec61a9666f1058b91ba802c966da4c
-
SSDEEP
12288:c5kndm17d93IfLZS9oOarFK+Wbi1vk6i:HngZ7IfLZSR3/bGs6i
Static task
static1
Behavioral task
behavioral1
Sample
f2101696ff6fb8e2171fe666df358500c675246fcbdf4620fe2961be8e5fb316.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
f2101696ff6fb8e2171fe666df358500c675246fcbdf4620fe2961be8e5fb316.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
webmail.valleycountysar.org - Port:
465 - Username:
[email protected] - Password:
DKw(r0%wpbd]
https://api.telegram.org/bot6812788177:AAHJ7__ozL0XtBMeO1hcjgFB8ECV3bh5yjg/sendMessage?chat_id=5007084465
Targets
-
-
Target
f2101696ff6fb8e2171fe666df358500c675246fcbdf4620fe2961be8e5fb316.exe
-
Size
521KB
-
MD5
a62161fb37a0da7fbfb3913ce4aecb2c
-
SHA1
2d994e85cf444c5b784d55a52c676b9773b27758
-
SHA256
f2101696ff6fb8e2171fe666df358500c675246fcbdf4620fe2961be8e5fb316
-
SHA512
bc08e560c8cc81c3cce3e2f33d3991e87fc27e4e5473fdb149698cad34a9c7dfbb47e75fdce2e263a0385368090e8a99eeec61a9666f1058b91ba802c966da4c
-
SSDEEP
12288:c5kndm17d93IfLZS9oOarFK+Wbi1vk6i:HngZ7IfLZSR3/bGs6i
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-