General
Target: 02072024_1548_01072024_PM114079-990528.zip
Size: 294KB
Sample: 240702-s8ydwatfmr
MD5: a24affdd254942cb718371f9abb290e2
SHA1: 85db6b0ff703ecf6bc7ae3cc8824ffd1240c4c0c
SHA256: ed50e1b524d3da88c9273fa7e4a0235db1f42a794daa3daff3b268fae3ea6596
SHA512: 358cf48038849a177d31b8330d9631615fd19de8443b24a76b264662a18e39cb2158629c5d0a39aa9b77c2efbb72a991c6ecdd70fcf99ee3fe220fdc11551b33
SSDEEP: 6144:VD4qSIys/+VCDoMnvOJqWx3fuPIWQpr16bF6:atDs/wioMnvO1x3fuPIt/O6
Static task: static1
Behavioral task: behavioral1
  Sample: PM114079-990528.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: PM114079-990528.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: valleycountysar.org
Port: 26
Username: [email protected]
Password: fY,FLoadtsiF
Targets
Target: PM114079-990528.exe
Size: 481KB
MD5: 9f259b3c899293bc12c9397e010f9e40
SHA1: af9c1736e4b3fdb69e3e22a70953872257335c89
SHA256: 683b3c223e311088d28b4d7ee52e207d8593836887a359a9cdb3b5535f305aa3
SHA512: e12e2ccf1a57b492409c4ce3af237972b11b1b8c126f2b6ad7d56a0b3ef601a226259c5d8706819c95319614a38fa2d2890a62e7f9ce816acf2c445c8529b495
SSDEEP: 6144:ZXuAPKbl6eAs+AYJAmp1sWososBPBY0SQBhhASbOF7HAAPq/XtLMfFUYK8tvFCkt:ZXuBxOKkAVzAAylLMfCYK8tv
Score: 10/10
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext