General
Target: 4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9.exe
Size: 521KB
Sample: 240627-bneycsvcpg
MD5: 798917173088921d8ba248e941690e11
SHA1: 88fd67eaf675f2db3e2ad9143bce6d8d3713835c
SHA256: 4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9
SHA512: 48947b6e3ab56a83220137b3ec4a5cefaa03474affdc521642bf4a4e1a81da0d43730af54c7c01e2aeb86555ffbb5a95cfe2c1ea58b99e6dc940420e49793116
SSDEEP: 6144:cTVFZInd6Xcfg9UYkn08VxTKv6Io8/i2qvv+bGnJ3GUzF+TgtGim/hImg6pod:c5kndm/knzLKvFo8nqv2iJHtUimOtLd
Static task: static1
Behavioral task: behavioral1
Sample: 4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: valleycountysar.org
Port: 26
Username: [email protected]
Password: i~~Ga+6_-~V*
Targets
Target: 4e415619e7c0afc2f2e58deb353a682795353f0bea3d0b0498d8ddc5c1da6af9.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext