General
-
Target
dd93e71cdd590d9c74d24a1b822948e7501b7a38df590d4d52ddf3e862a0cb2d.exe
-
Size
1.8MB
-
Sample
240701-bq6h4asame
-
MD5
0c5a964f9cbf2fec077302e6baa7316f
-
SHA1
d0593ff771d4cf489903b807aa93f29f5a51f0b5
-
SHA256
dd93e71cdd590d9c74d24a1b822948e7501b7a38df590d4d52ddf3e862a0cb2d
-
SHA512
4947d5c0632be00af4ae33700eb85a82daea3f2e1a373b8e454a7103a6959e7f31b973c135ae498b3c70da1c12cdf3482bf43ad3abf92ce7af3f3a54d47a6817
-
SSDEEP
12288:g6R0Jt0zWWrUufKjFokZGX+KxITevb8OaAN:gi0Jt9W6FovBx3DV
Static task
static1
Behavioral task
behavioral1
Sample
dd93e71cdd590d9c74d24a1b822948e7501b7a38df590d4d52ddf3e862a0cb2d.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
dd93e71cdd590d9c74d24a1b822948e7501b7a38df590d4d52ddf3e862a0cb2d.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
dd93e71cdd590d9c74d24a1b822948e7501b7a38df590d4d52ddf3e862a0cb2d.exe
-
Size
1.8MB
-
MD5
0c5a964f9cbf2fec077302e6baa7316f
-
SHA1
d0593ff771d4cf489903b807aa93f29f5a51f0b5
-
SHA256
dd93e71cdd590d9c74d24a1b822948e7501b7a38df590d4d52ddf3e862a0cb2d
-
SHA512
4947d5c0632be00af4ae33700eb85a82daea3f2e1a373b8e454a7103a6959e7f31b973c135ae498b3c70da1c12cdf3482bf43ad3abf92ce7af3f3a54d47a6817
-
SSDEEP
12288:g6R0Jt0zWWrUufKjFokZGX+KxITevb8OaAN:gi0Jt9W6FovBx3DV
Score10/10-
Snake Keylogger payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with or use KoiVM
-
Detects executables referencing many email and collaboration clients. Observed in information stealers
-
Detects executables with potential process hoocking
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-