General
-
Target
a163d18a93ea4bee62762da2d1dfc7d0a2644428fc868fabcb4347cbcf17cc62.exe
-
Size
482KB
-
Sample
240630-bp2ths1fkf
-
MD5
bfc623937cdfb8cd4090cdea7d6f4425
-
SHA1
1bfff971e1f21196ef80b24041ae0d962ce8decd
-
SHA256
a163d18a93ea4bee62762da2d1dfc7d0a2644428fc868fabcb4347cbcf17cc62
-
SHA512
e3fbf69edcfc9c0051291b13349b9ef6db64a070d07655158eaf71b9beb789bc8f985d2dfc77ca1585b535a3a79ce473d16267735c5864b4d2cd48f29f03300c
-
SSDEEP
12288:wXuBtAjdcuDYjaxoerJuBIT4ZASlwoUIKeik/6LOeq:mufAjd0VeroBIcJ+26LJ
Static task
static1
Behavioral task
behavioral1
Sample
a163d18a93ea4bee62762da2d1dfc7d0a2644428fc868fabcb4347cbcf17cc62.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a163d18a93ea4bee62762da2d1dfc7d0a2644428fc868fabcb4347cbcf17cc62.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
a163d18a93ea4bee62762da2d1dfc7d0a2644428fc868fabcb4347cbcf17cc62.exe
-
Size
482KB
-
MD5
bfc623937cdfb8cd4090cdea7d6f4425
-
SHA1
1bfff971e1f21196ef80b24041ae0d962ce8decd
-
SHA256
a163d18a93ea4bee62762da2d1dfc7d0a2644428fc868fabcb4347cbcf17cc62
-
SHA512
e3fbf69edcfc9c0051291b13349b9ef6db64a070d07655158eaf71b9beb789bc8f985d2dfc77ca1585b535a3a79ce473d16267735c5864b4d2cd48f29f03300c
-
SSDEEP
12288:wXuBtAjdcuDYjaxoerJuBIT4ZASlwoUIKeik/6LOeq:mufAjd0VeroBIcJ+26LJ
Score10/10-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-