General
Target: 140a5535a35a820de41ed7441f1278898247a6adbc2594d8a1f34bd9f4715eb4.exe
Size: 605KB
Sample: 240627-bfpgtsxamp
MD5: 7b6d9d0893e80f7384d76e276a55c45d
SHA1: 00550e16c24efa4f9b1d5f8f7ff8b9f2cb009f03
SHA256: 140a5535a35a820de41ed7441f1278898247a6adbc2594d8a1f34bd9f4715eb4
SHA512: 63471530356734e390db5e8cb3ee7d0a04a09a9c76caf3f4b44040e07d05add0e122340fb7f2b7db773316ef9d2988b1778dac86fc9c8a6871ec876cf3024498
SSDEEP: 12288:83bzRG0DQe+i8BfL55Db2HrD7w/u/WNYAfdyeSYjRr5dbRe:qMiYIr2BaOdyeSYhF
Static task: static1
Behavioral task: behavioral1
Sample: 140a5535a35a820de41ed7441f1278898247a6adbc2594d8a1f34bd9f4715eb4.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 140a5535a35a820de41ed7441f1278898247a6adbc2594d8a1f34bd9f4715eb4.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: mail.curtainstore.ae
Port: 587
Username: [email protected]
Password: omar123$$
Email To: [email protected]
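The extracted configuration above is the most directly actionable part of the report: Snake Keylogger delivers stolen data by logging in to the operator's own mailbox over SMTP submission, so the exfiltration host and port are a network indicator, and the sandbox also shows the sample querying an external-IP lookup service just before it sends. The following is an added example, not code from the sandbox report or from the malware, that turns those two observations into detection logic and runs it over constructed connection-log lines. Assumptions are labelled in the code: the IP-lookup hostnames are a representative list (the report only says "a legitimate IP lookup service"), the sanctioned corporate relay `smtp.corp.example` and the log format are invented, and because the mailbox addresses are redacted on the page, matching is on host and port only.

```python
"""Added example (not part of the sandbox report or of the malware): turn the
extracted Snake Keylogger SMTP settings into detection logic and run it over
constructed connection-log lines."""
import re
from datetime import datetime, timedelta

# From the report's extracted configuration. The mailbox addresses are
# redacted on the page, so matching is on host and port only.
EXFIL_SMTP_HOST = "mail.curtainstore.ae"
EXFIL_SMTP_PORT = 587

# Assumption: the report only says "a legitimate IP lookup service"; these
# hostnames are a representative list, not taken from the sample.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}

# Assumption: the organisation's sanctioned mail submission host(s).
ALLOWED_SMTP_HOSTS = {"smtp.corp.example"}

# Constructed log format: "<ISO ts> <src_ip> <dst_host>:<dst_port> <app> <detail>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<host>[^:\s]+):(?P<port>\d+) (?P<app>\S+) (?P<detail>.*)$"
)

# Constructed sample traffic: one host behaving like the sandbox run (IP lookup,
# then SMTP AUTH to the exfil host), plus benign and ambiguous noise.
SAMPLE_LOG = """\
2024-06-27T09:00:01Z 10.1.2.50 checkip.dyndns.org:80 http GET /
2024-06-27T09:00:07Z 10.1.2.50 mail.curtainstore.ae:587 smtp AUTH LOGIN
2024-06-27T09:05:00Z 10.1.2.51 smtp.corp.example:587 smtp AUTH LOGIN
2024-06-27T09:06:00Z 10.1.2.52 mail.randomprovider.invalid:587 smtp AUTH LOGIN
2024-06-27T10:00:00Z 10.1.2.53 api.ipify.org:443 http GET /
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not fit."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    conn = m.groupdict()
    conn["port"] = int(conn["port"])
    conn["ts"] = datetime.strptime(conn["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return conn


def classify(conn):
    """Per-connection rules; returns the list of detection names that fire."""
    hits = []
    if conn["app"] == "smtp":
        if conn["host"] == EXFIL_SMTP_HOST and conn["port"] == EXFIL_SMTP_PORT:
            hits.append("snakekeylogger_smtp_exfil_host")
        elif conn["host"] not in ALLOWED_SMTP_HOSTS:
            # Stealers exfiltrate through the operator's own mailbox; any SMTP
            # submission from a workstation to an unsanctioned host is worth a look.
            hits.append("smtp_submission_to_unsanctioned_host")
    if conn["app"] == "http" and conn["host"] in IP_LOOKUP_HOSTS:
        hits.append("external_ip_lookup")
    return hits


def detect(log_text, window=timedelta(minutes=5)):
    """Run the per-connection rules, then correlate the sequence the sandbox
    observed: an external IP lookup followed within `window` by SMTP to a
    non-sanctioned host from the same source address."""
    alerts = []
    last_lookup = {}  # src ip -> timestamp of its most recent IP lookup
    for line in log_text.splitlines():
        conn = parse_line(line)
        if conn is None:
            continue
        for name in classify(conn):
            alerts.append((name, conn["src"], conn["host"]))
            if name == "external_ip_lookup":
                last_lookup[conn["src"]] = conn["ts"]
            elif conn["src"] in last_lookup and conn["ts"] - last_lookup[conn["src"]] <= window:
                alerts.append(("stealer_iplookup_then_smtp_exfil", conn["src"], conn["host"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

On the constructed log, 10.1.2.50 produces the full chain (lookup, exfil host, correlated alert), the corporate relay is silent, the unknown provider gets only the lower-confidence submission alert, and a lone IP lookup stays a weak signal on its own. The exact host will change from build to build, so the durable control is the second rule: workstations should not be able to reach port 587 (or 465/25) on anything except the sanctioned relay, which turns this family's exfiltration path into a blocked connection plus a log entry.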
Targets
Target: 140a5535a35a820de41ed7441f1278898247a6adbc2594d8a1f34bd9f4715eb4.exe
Size: 605KB
MD5: 7b6d9d0893e80f7384d76e276a55c45d
SHA1: 00550e16c24efa4f9b1d5f8f7ff8b9f2cb009f03
SHA256: 140a5535a35a820de41ed7441f1278898247a6adbc2594d8a1f34bd9f4715eb4
SHA512: 63471530356734e390db5e8cb3ee7d0a04a09a9c76caf3f4b44040e07d05add0e122340fb7f2b7db773316ef9d2988b1778dac86fc9c8a6871ec876cf3024498
SSDEEP: 12288:83bzRG0DQe+i8BfL55Db2HrD7w/u/WNYAfdyeSYjRr5dbRe:qMiYIr2BaOdyeSYhF
Score: 10/10
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables packed with SmartAssembly
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables with potential process hooking
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (the call used to redirect execution in a suspended process, as in process hollowing and other injection techniques)