General
Target: 18012659320.zip
Size: 522KB
Sample: 240701-fprqrszgnm
MD5: 269e46d97965ef7cbd0b7929c6f8de74
SHA1: bc961c25d69d688d1a5aa4175aad504bfc543a56
SHA256: 7e079f82ebb90e7ef09c59a018e18b0947edb29c5d0f14d7c201d8e40ab6f29c
SHA512: 751cc46ea4676b958b758ffc1499a707ba4e137be5f5a58619d21f18ff6447187f4a0bab8129aa1d816a3cd79ec75f5913f48ac256f9e9cb67b0fecded9ebff4
SSDEEP: 12288:VLR4SWqqOyfj9uoRho7Yhxy9fFc59Bvp31+q6fJx58/1B6:VL2S7h2j8A8459BvV1zak1B6
Static task: static1

Behavioral task: behavioral1
  Sample: 2ae74498a4bc05fa360233342c3652e7df4dc830e240e500ede97931a11e856e.exe
  Resource: win7-20240611-en

Behavioral task: behavioral2
  Sample: 2ae74498a4bc05fa360233342c3652e7df4dc830e240e500ede97931a11e856e.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: snakekeylogger
  Protocol: smtp
  Host: mail.artefes.com
  Port: 587
  Username: [email protected]
  Password: ArtEfes4765*+
Targets
Target: 2ae74498a4bc05fa360233342c3652e7df4dc830e240e500ede97931a11e856e
Size: 588KB
MD5: c1eedf3ba4f503e6649bca9ab5b4780f
SHA1: a0f9723e89487fd5ef2e305178814ad54b8bb319
SHA256: 2ae74498a4bc05fa360233342c3652e7df4dc830e240e500ede97931a11e856e
SHA512: fe9add3112d842ea1992e0ef9a9f42cb393c2eee7bc274c53a27a3518856701eee0d194900d2f289a369b43a5237d38aaca2403e3de3619bcb13961b20237a65
SSDEEP: 12288:XuH2jubCawVtC9zTQ0QHwose581Ok7/ys/FWY/T2/1bXc946mBUElkR:XuWUwVO3NOk7R/FJ/Gz/Y
Signatures
- Snake Keylogger payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext