General
-
Target
ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680.exe
-
Size
213KB
-
Sample
240702-chldmawcmn
-
MD5
27af175b8006ce6c2376748b21748412
-
SHA1
ec6b0f34dbe9294a82dcc379b3de2b744f5d65ea
-
SHA256
ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680
-
SHA512
fa9692944fadd680c07bcfb6627f561f809e97142b41d98605c2d4034abf576ec87becd47eb4ad385d7c6d180a5d6264fe979446f4c152e4eb1fedd6e6fd69d4
-
SSDEEP
3072:lhgaMehpuSXYIdP/1pnVLjIvwHyV9YOsUw2hIE3JoN8EheTgc33FgO:FBLrXzn1pnV/gse9yvbE5ovh3
Static task
static1
Behavioral task
behavioral1
Sample
ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
iU0Ta!$K8L51 - Email To:
[email protected]
Targets
-
-
Target
ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680.exe
-
Size
213KB
-
MD5
27af175b8006ce6c2376748b21748412
-
SHA1
ec6b0f34dbe9294a82dcc379b3de2b744f5d65ea
-
SHA256
ce8d8f5b2708fb0a26ac9ce32c303779179ff58297279c834fd8220b77154680
-
SHA512
fa9692944fadd680c07bcfb6627f561f809e97142b41d98605c2d4034abf576ec87becd47eb4ad385d7c6d180a5d6264fe979446f4c152e4eb1fedd6e6fd69d4
-
SSDEEP
3072:lhgaMehpuSXYIdP/1pnVLjIvwHyV9YOsUw2hIE3JoN8EheTgc33FgO:FBLrXzn1pnV/gse9yvbE5ovh3
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-