General
Target: tmpiimfce3e
Size: 521KB
Sample: 240628-rkjedawhlp
MD5: 426555bcad5afe20ed0cbaac5fd720da
SHA1: 94e217ac539bfc830581dcf56aa03f8c7bf926be
SHA256: 3c6b18f1ed97b080e9e72e66141d089a43db9698320854382009ef1b9d5ccc16
SHA512: 95e0d69324f726531076af5076f1e97d3120dba3a30a9df2b68269f1d36526429d0e6bad198e29a8eeac36952e1b335ce1f3a9cb0a61e7b2d9d1372cd59a44de
SSDEEP: 12288:c5kndm6oduitZWCxbLzRyCQSB2NcSpUbubuF4a0kR9:Hng6oQiSCJM/S2Ptg4hkR9
Static task: static1
Behavioral task: behavioral1 (sample: tmpiimfce3e.exe, resource: win7-20240508-en)
Behavioral task: behavioral2 (sample: tmpiimfce3e.exe, resource: win10v2004-20240508-en)
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: valleycountysar.org
Port: 26
Username: [email protected]
Password: fY,FLoadtsiF
Targets
Target: tmpiimfce3e (521KB; same hashes as listed under General)
Score: 10/10
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext