General
- Target: e80d50169fc57630d4b0c5c53a321ccd86797779bababefff31268224f1a4163.exe
- Size: 537KB
- Sample: 240701-rrve8awfmb
- MD5: 119685d67c747bc9fe473e98d4f37f48
- SHA1: 12523edc262cf3c0e37be13a2aa2e49db7043439
- SHA256: e80d50169fc57630d4b0c5c53a321ccd86797779bababefff31268224f1a4163
- SHA512: bcf5fd9f4eb4d62529f16afea7315197e1779493646b0c2db9ee4bda7cb965122fa77d80476f07af4b52afe48f18e0b8a1a8f8ea67b6e55b17ccdd2fdd080723
- SSDEEP: 12288:fn3Kpgo/C7vHH2cJ1JkRA4R06mgJuqsJv/v+MLuSn:vnvHXJkRFRzJ4v/BLB
Static task: static1
Behavioral task: behavioral1
- Sample: e80d50169fc57630d4b0c5c53a321ccd86797779bababefff31268224f1a4163.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: e80d50169fc57630d4b0c5c53a321ccd86797779bababefff31268224f1a4163.exe
- Resource: win10v2004-20240611-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: mail.valleycountysar.org
- Port: 587
- Username: [email protected]
- Password: DKw(r0%wpbd]
- http://103.130.147.85
Targets
- Target: e80d50169fc57630d4b0c5c53a321ccd86797779bababefff31268224f1a4163.exe
- Size: 537KB
- MD5: 119685d67c747bc9fe473e98d4f37f48
- SHA1: 12523edc262cf3c0e37be13a2aa2e49db7043439
- SHA256: e80d50169fc57630d4b0c5c53a321ccd86797779bababefff31268224f1a4163
- SHA512: bcf5fd9f4eb4d62529f16afea7315197e1779493646b0c2db9ee4bda7cb965122fa77d80476f07af4b52afe48f18e0b8a1a8f8ea67b6e55b17ccdd2fdd080723
- SSDEEP: 12288:fn3Kpgo/C7vHH2cJ1JkRA4R06mgJuqsJv/v+MLuSn:vnvHXJkRFRzJ4v/BLB
Score: 10/10
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext