General
-
Target
Wyciag_79_61102025280000080200145136.rar
-
Size
1.2MB
-
Sample
240702-lnjawszgpn
-
MD5
0f60c05a4005d8e9adc2649028b24b7c
-
SHA1
44de14980a2167b4e3a718e62c20cc4fec38729c
-
SHA256
7351d0a0d19a6efb2230bfa6f588b85c0d54a221adde9d74009114fae4e6f1a8
-
SHA512
26e8d72861e46f06d9a132816516c08d37692bbe0452a9fa1aa99f3a4e6c55a5b39de7cabac629c1f611f9fbdf5b665f2ff7f00f1f10df988e3a349a141694fa
-
SSDEEP
24576:mB0oZJrs+jfrouGIH5xxYk5dkYxdet8NeR2NO9/ogQpUZo/4hD+D:mB3hnjfzH5zYk5Dit8NeR2NpgtZO45+D
Static task
static1
Behavioral task
behavioral1
Sample
CHARLES.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
CHARLES.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.maskottchenpet.com
Port: 26
Username: [email protected]
Password: refaMASK2019*
Email To: [email protected]
Targets
-
Target
CHARLES.exe
-
Size
1.7MB
-
MD5
bb1b2455f59fa0a25524b7ec9baff097
-
SHA1
9fadc578c339425ee59b46b9aae2c1c1472f076c
-
SHA256
a649c2453c27bdf09b5b92207e2bc8041bcfec24819ed7879959361096d7200f
-
SHA512
f17aa003e42920e7e5897280369d78e9a91a7cf51ff92eadf00565bd52931d20131d909835d585bbd7812e40f7389b5df4a8029c124c8d5d5f3b318fa207cffe
-
SSDEEP
49152:NTvC/MTQYxsWR7adX0KD/HqQhPFuWrf1:hjTQYxsWR63iQtFuWrf1
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext