General
Target: 62dc32408fe1ad6e37af98334cf40b1a.bin
Size: 296KB
Sample: 240701-cgn35awdrn
MD5: 8dcd890449a2622758b978db7a2052f2
SHA1: 4a579be5e76131f056bb621d53e27b283a5bdb22
SHA256: 9b6dc356a6b0660585eeea06dabad188ad947f6e37bdc3103a7804cbb55d3a80
SHA512: f190845b47ff8de1600570af7a40766116d7b057ad6ab39bff302335349990083c4e20412f21db6bac8c3a3657e8e04714b7b42bb0e3b99208b93f2831733ba3
SSDEEP: 6144:IFROjUr+QFuKZSlXInkKsc1f03W8J8GSOCIorEo5rFW0W0sJBZfoHv/Au:jArDTglXIZs20Lm7rRrFW0/sJrwHv/P
Static task: static1
Behavioral task: behavioral1
  Sample: 438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: valleycountysar.org
Port: 26
Username: [email protected] (address redacted in the source)
Password: fY,FLoadtsiF
Targets
Target: 438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d.exe
Size: 482KB
MD5: 62dc32408fe1ad6e37af98334cf40b1a
SHA1: ffdf293a119e9cdc670a13c9a40a46185a9701da
SHA256: 438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d
SHA512: 3bdfb9da5ebc93ba13289b9fb357390d192d1ba3fa1d4f79b93b31ee28b0100ce8569701d40aea02d6ab1f3b5231d051e8f46ec263985496ee45c367ae023a13
SSDEEP: 6144:wXuAPKb4NrWk4xaOD0503DvoveWR2HyVR8pOIf4sLPxRRi+gtM9Af7zCTC6qbGk1:wXuBCrWfxakYeWRx8pz7RRIkU0Dq
Score: 10/10
Signatures:
- Snake Keylogger payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
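The hashes and the extracted SMTP configuration above are the indicators an analyst would actually pivot on. The script below is an added example, not part of the sandbox report and not code from Snake Keylogger: it hashes a file and compares it with the MD5/SHA1/SHA256 values listed on this page, and it scans outbound-connection log lines for the exfiltration endpoint from the extracted config (valleycountysar.org on port 26) and for external-IP lookup services. The log-line format and the list of IP-lookup hostnames are assumptions made for the example; the report does not name the lookup service the sample used.

```python
"""Triage helper for the Snake Keylogger sample described in this report.

Added example; not part of the sandbox report or of Snake Keylogger.  It
(1) hashes a file and compares it with the MD5/SHA1/SHA256 values listed on
the page, and (2) scans outbound-connection log lines for the SMTP
exfiltration endpoint from the extracted config and for external-IP lookup
services.  The log-line format and the IP-lookup host list are assumptions.
"""
import hashlib
import re

# Hashes copied from the report: the .bin artefact and the .exe sample.
KNOWN_HASHES = {
    "62dc32408fe1ad6e37af98334cf40b1a.bin": {
        "md5": "8dcd890449a2622758b978db7a2052f2",
        "sha1": "4a579be5e76131f056bb621d53e27b283a5bdb22",
        "sha256": "9b6dc356a6b0660585eeea06dabad188ad947f6e37bdc3103a7804cbb55d3a80",
    },
    "438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d.exe": {
        "md5": "62dc32408fe1ad6e37af98334cf40b1a",
        "sha1": "ffdf293a119e9cdc670a13c9a40a46185a9701da",
        "sha256": "438c9ce6e0b21ec7623f86a2f3e7f1810df1afce1515a5f24d1453a5cacdd74d",
    },
}

# SMTP exfiltration endpoint from the extracted Snake Keylogger config.
EXFIL_HOST = "valleycountysar.org"
EXFIL_PORT = 26

# Assumption: common external-IP lookup services.  The report only says a
# legitimate lookup service was used; it does not name one.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string (read the file in binary mode first)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_known_sample(data: bytes):
    """Return the report artefact name whose three hashes all match, else None."""
    h = file_hashes(data)
    for name, known in KNOWN_HASHES.items():
        if all(h[algo] == digest for algo, digest in known.items()):
            return name
    return None


# Assumed log line format:
#   "<timestamp> <src_ip>:<src_port> -> <dst>:<dst_port> <proto>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s+(\w+)$")


def find_indicators(lines):
    """Scan log lines; return (timestamp, dst, port, reason) for each hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line, skip it rather than fail the scan
        ts, _src, _sport, dst, dport, _proto = m.groups()
        dst = dst.lower()
        port = int(dport)
        if dst == EXFIL_HOST and port == EXFIL_PORT:
            hits.append((ts, dst, port, "smtp exfil endpoint from extracted config"))
        elif port == EXFIL_PORT:
            # Port 26 is not a standard SMTP port, and logs often hold an IP
            # rather than the hostname, so any port-26 traffic deserves review.
            hits.append((ts, dst, port, "non-standard smtp port 26"))
        elif dst in IP_LOOKUP_HOSTS:
            hits.append((ts, dst, port, "external ip lookup"))
    return hits


# Constructed sample log lines for the example (not taken from the report).
SAMPLE_LOG = [
    "2024-07-01T10:00:01Z 10.0.0.5:49152 -> checkip.dyndns.org:80 tcp",
    "2024-07-01T10:00:02Z 10.0.0.5:49153 -> valleycountysar.org:26 tcp",
    "2024-07-01T10:00:03Z 10.0.0.5:49154 -> 203.0.113.10:26 tcp",
    "2024-07-01T10:00:04Z 10.0.0.5:49155 -> update.example.org:443 tcp",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_LOG):
        print(hit)
    print(match_known_sample(b"not the sample"))
```

Against the constructed log, the first three lines are flagged (IP lookup, the configured exfiltration host, and an unexplained port-26 connection) and the other two are not. For a real file, read it in binary mode and pass the bytes to match_known_sample; the port-26 heuristic is deliberately broad because firewall and proxy logs usually record the resolved IP, not the hostname from the config.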