General
Target: 6ef1b5587295ea40447d1e9b4a3530779d568a1bf684241c33790cb8b1e95501.exe
Size: 825KB
Sample: 240702-bxap1a1gja
MD5: a7530e8548b1c43ec37d872bedec07f5
SHA1: 985df304b2180a496395a7433839ac3994cb3fbf
SHA256: 6ef1b5587295ea40447d1e9b4a3530779d568a1bf684241c33790cb8b1e95501
SHA512: 8f762569386ab220181c7d970d3d2b85abab7e5a99325cd5df2e041dea92bbfbf7acc228f735d862dc2f16ea4c585bded70473efef7084bfc99cfc8d4aea2ba1
SSDEEP: 12288:7ewO+TW+8LeXbSIrEPrWgV9dxNV31xAm0UuuA+hJdF44gPqbK8TNMxWhYhRT44z6:2Le+9V9dxNh1xANuA+nTKVxWYRT4W
Static task: static1
Behavioral task: behavioral1
Sample: 6ef1b5587295ea40447d1e9b4a3530779d568a1bf684241c33790cb8b1e95501.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 6ef1b5587295ea40447d1e9b4a3530779d568a1bf684241c33790cb8b1e95501.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.myanmarblossom.com
Port: 587
Username: [email protected]
Password: tsa211772023kyi
Email To: [email protected]
http://103.130.147.85
Targets
Target: 6ef1b5587295ea40447d1e9b4a3530779d568a1bf684241c33790cb8b1e95501.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext