General
-
Target
LETTER OF AUTHORIZATION.exe
-
Size
482KB
-
Sample
240629-cmmggs1hrn
-
MD5
bfc623937cdfb8cd4090cdea7d6f4425
-
SHA1
1bfff971e1f21196ef80b24041ae0d962ce8decd
-
SHA256
a163d18a93ea4bee62762da2d1dfc7d0a2644428fc868fabcb4347cbcf17cc62
-
SHA512
e3fbf69edcfc9c0051291b13349b9ef6db64a070d07655158eaf71b9beb789bc8f985d2dfc77ca1585b535a3a79ce473d16267735c5864b4d2cd48f29f03300c
-
SSDEEP
12288:wXuBtAjdcuDYjaxoerJuBIT4ZASlwoUIKeik/6LOeq:mufAjd0VeroBIcJ+26LJ
Static task
static1
Behavioral task
behavioral1
Sample
LETTER OF AUTHORIZATION.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
LETTER OF AUTHORIZATION.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
LETTER OF AUTHORIZATION.exe
-
Size
482KB
-
MD5
bfc623937cdfb8cd4090cdea7d6f4425
-
SHA1
1bfff971e1f21196ef80b24041ae0d962ce8decd
-
SHA256
a163d18a93ea4bee62762da2d1dfc7d0a2644428fc868fabcb4347cbcf17cc62
-
SHA512
e3fbf69edcfc9c0051291b13349b9ef6db64a070d07655158eaf71b9beb789bc8f985d2dfc77ca1585b535a3a79ce473d16267735c5864b4d2cd48f29f03300c
-
SSDEEP
12288:wXuBtAjdcuDYjaxoerJuBIT4ZASlwoUIKeik/6LOeq:mufAjd0VeroBIcJ+26LJ
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-