General
- Target: Details.exe
- Size: 481KB
- Sample: 240702-cp5e3swekn
- MD5: a8a7ded2a82dc5650d018a55944ed7f6
- SHA1: 78ea0f8f73c8533b21900e20242df96ec1c56ce0
- SHA256: cdb27cbc1e485ca7b7c3f4f2eb90015befdf7991cb5742814ccf0c18bea2af11
- SHA512: 3e2878b6cc46a71556e0f57e5b92c51595e39fe069d16974ee79f9f7ea9cbe9d073d2c467049862b6f23fff404bb8714e1919e39621606e4052e01e50e8cbce7
- SSDEEP: 6144:ZXuAPKbl6eAs+AYJAmp1sWosos1kKBY0SQBhhASbOF7HAAPq/XtLMfFUYK8tvlC8:ZXuBxOukAVzAAylLMfCYK8tv
Static task
- static1
Behavioral task
- behavioral1: Sample Details.exe, Resource win7-20240611-en
Behavioral task
- behavioral2: Sample Details.exe, Resource win10v2004-20240611-en
Malware Config
Extracted: snakekeylogger
- Protocol: smtp
- Host: valleycountysar.org
- Port: 26
- Username: [email protected]
- Password: fY,FLoadtsiF
Targets
- Target: Details.exe
- Score: 10/10
Signatures
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext