General
-
Target
vsl particulars packing list.exe
-
Size
482KB
-
Sample
240629-ett61stenk
-
MD5
62dc32408fe1ad6e37af98334cf40b1a
-
SHA1
ffdf293a119e9cdc670a13c9a40a46185a9701da
-
SHA256
438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d
-
SHA512
3bdfb9da5ebc93ba13289b9fb357390d192d1ba3fa1d4f79b93b31ee28b0100ce8569701d40aea02d6ab1f3b5231d051e8f46ec263985496ee45c367ae023a13
-
SSDEEP
6144:wXuAPKb4NrWk4xaOD0503DvoveWR2HyVR8pOIf4sLPxRRi+gtM9Af7zCTC6qbGk1:wXuBCrWfxakYeWRx8pz7RRIkU0Dq
Static task
static1
Behavioral task
behavioral1
Sample
vsl particulars packing list.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
vsl particulars packing list.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
vsl particulars packing list.exe
-
Size
482KB
-
MD5
62dc32408fe1ad6e37af98334cf40b1a
-
SHA1
ffdf293a119e9cdc670a13c9a40a46185a9701da
-
SHA256
438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d
-
SHA512
3bdfb9da5ebc93ba13289b9fb357390d192d1ba3fa1d4f79b93b31ee28b0100ce8569701d40aea02d6ab1f3b5231d051e8f46ec263985496ee45c367ae023a13
-
SSDEEP
6144:wXuAPKb4NrWk4xaOD0503DvoveWR2HyVR8pOIf4sLPxRRi+gtM9Af7zCTC6qbGk1:wXuBCrWfxakYeWRx8pz7RRIkU0Dq
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-