General
-
Target
65e2a9349c75ee34280992ed2e7aa548.bin
-
Size
481KB
-
Sample
240702-by4z8s1gmd
-
MD5
aa8e0df0d20500df5b725c2a39e80d73
-
SHA1
f3c1a34d16886c09351929f462712131d28e8d48
-
SHA256
439e74a8249cffddfcfb854525b8016f9f4da588938f6443e388b7f976053b27
-
SHA512
570bb063bc98b1b20678474c7567df06d107c4e22fbffccbe4afad15c2e4d66d909167069baefbccef6d8de215979fab68a6e0a1585fac3273a1a5481d115bdb
-
SSDEEP
12288:9KGIKgR7FrZ4aS5NoYOD32iHU9qKCYMTXuxHjgY7IHdo9n3N:3IKY7FadoYWmBDsuxsY7Iq9nd
Static task
static1
Behavioral task
behavioral1
Sample
552e61ad619a32a252b5a7e52dfee9aff417040e147e34bf0111e3f89dc433aa.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
552e61ad619a32a252b5a7e52dfee9aff417040e147e34bf0111e3f89dc433aa.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
552e61ad619a32a252b5a7e52dfee9aff417040e147e34bf0111e3f89dc433aa.exe
-
Size
1.1MB
-
MD5
65e2a9349c75ee34280992ed2e7aa548
-
SHA1
d57c9017e2cbdb589c2698d899ee7f9063e35142
-
SHA256
552e61ad619a32a252b5a7e52dfee9aff417040e147e34bf0111e3f89dc433aa
-
SHA512
c9e75dc48d42b67cada4b0e91123439c39d1609f241c40e39b0e7461befc1f9016e1c0e13f4046f9c3556284e5ff7befbd810c1bdf48fa7744fe510678c07796
-
SSDEEP
12288:7fioXCFj7X9WyhW9f1hL5JyqPY3dhaGIUZo6Pku:eoX4tWb1Jy/hvhK6Pt
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-