General
-
Target
9aaf0e13931abe17c27dd943b5835937.bin
-
Size
296KB
-
Sample
240701-c8gs5axcmm
-
MD5
b5a9f765957206db1ecf3026416c6da4
-
SHA1
a84168ef3b51cdf1e28a0788a74b47b76eab26ce
-
SHA256
59c0f6e6f52c153231995d40fd47e9e4c886cd22077bbac65e63ffa355372393
-
SHA512
4573c2b9779fb87e4bba44abfcc52ec48ab20450a840c5542bb40c38cbd21fa69eea96512cde837d8eba0d1a91b70f23e9441a34097072d672af8428fbd3c9fd
-
SSDEEP
6144:UbAdOGwlD7NbJAPYAw7Rsn7lH1N7WELxDViOVaT4cpz9oFhsUhBjGqriPNE:UbnNb6Ms7lVNfiEIgRBjGw4NE
Static task
static1
Behavioral task
behavioral1
Sample
16335a1172a838611368645dab4446c79b750e3159a6d9f95556d420c559f469.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
16335a1172a838611368645dab4446c79b750e3159a6d9f95556d420c559f469.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
16335a1172a838611368645dab4446c79b750e3159a6d9f95556d420c559f469.exe
-
Size
482KB
-
MD5
9aaf0e13931abe17c27dd943b5835937
-
SHA1
8db76fa143b6e967cc9fe9b9ed441291ca055009
-
SHA256
16335a1172a838611368645dab4446c79b750e3159a6d9f95556d420c559f469
-
SHA512
05c9a9ba679f7155208c8928d45797c80c301eb46f3670c30759077ccd5edd6a82798bcb2eea325ab598197c4320277294af9ee51a01ac872755bcf206abdd23
-
SSDEEP
6144:wXuAPKbX9sDEXfmgVvUKm0RfeFdDcyfXZXTraIyErhT41fG5QDGiu/byyvDuBRgC:wXuBqDEvmYfsDcyfpXpTh5qDGiEv6BC
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-