General
-
Target
vsl particulars packing list.exe
-
Size
1.5MB
-
Sample
240630-s2r9aazeqg
-
MD5
ec3fe16c54946213c717a27606f70243
-
SHA1
d11efe4e0f949ff6b14929cd30ae146c1b4a11c9
-
SHA256
f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695
-
SHA512
66125f727ec27d3e1da5c87953e46e928b000d564c784b919ba0b558efe4aa080a2f310e729f03b113ab02bc5aea390bb60a6829d3d586fab414b430d40eab04
-
SSDEEP
12288:1hNsCbYGek5/68cYvmjZxVcsK3SCv6vcuqVuMDCqg0h+:14CF/6V1xNK3SnUrRh+
Static task
static1
Behavioral task
behavioral1
Sample
vsl particulars packing list.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
vsl particulars packing list.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
vsl particulars packing list.exe
-
Size
1.5MB
-
MD5
ec3fe16c54946213c717a27606f70243
-
SHA1
d11efe4e0f949ff6b14929cd30ae146c1b4a11c9
-
SHA256
f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695
-
SHA512
66125f727ec27d3e1da5c87953e46e928b000d564c784b919ba0b558efe4aa080a2f310e729f03b113ab02bc5aea390bb60a6829d3d586fab414b430d40eab04
-
SSDEEP
12288:1hNsCbYGek5/68cYvmjZxVcsK3SCv6vcuqVuMDCqg0h+:14CF/6V1xNK3SnUrRh+
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-