General
-
Target
c2cea2c500b0bf93e0af89d6cf07f46586b44d86613d331c0079c1eef108674e.zip
-
Size
283KB
-
Sample
240627-bz8ptaydlm
-
MD5
ff22bd074de4662376a16b19f8cb2ff8
-
SHA1
1f736d7525b82d4a109ff46dc2e7abd19978845b
-
SHA256
c2cea2c500b0bf93e0af89d6cf07f46586b44d86613d331c0079c1eef108674e
-
SHA512
d76a1e260c4e16bcc7ccb96913856ef5ff173e2bfcf4a6b0870f770648d7ade91972e347b790b8b2f69d44143d91e4ea1da0662f431c57310683c8fa7f8b16c9
-
SSDEEP
6144:u+Yrhl4wHQf8Eoxvu5Ii8+9HyB3bnn4lV+RgME6c1WLM:u+iUIQf8Jxvyw+9eTqUgIc1W4
Static task
static1
Behavioral task
behavioral1
Sample
new contract.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
new contract.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
webmail.valleycountysar.org - Port:
465 - Username:
[email protected] - Password:
DKw(r0%wpbd]
https://api.telegram.org/bot6812788177:AAHJ7__ozL0XtBMeO1hcjgFB8ECV3bh5yjg/sendMessage?chat_id=5007084465
Targets
-
-
Target
new contract.exe
-
Size
521KB
-
MD5
a62161fb37a0da7fbfb3913ce4aecb2c
-
SHA1
2d994e85cf444c5b784d55a52c676b9773b27758
-
SHA256
f2101696ff6fb8e2171fe666df358500c675246fcbdf4620fe2961be8e5fb316
-
SHA512
bc08e560c8cc81c3cce3e2f33d3991e87fc27e4e5473fdb149698cad34a9c7dfbb47e75fdce2e263a0385368090e8a99eeec61a9666f1058b91ba802c966da4c
-
SSDEEP
12288:c5kndm17d93IfLZS9oOarFK+Wbi1vk6i:HngZ7IfLZSR3/bGs6i
Score10/10-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-