General
-
Target
4623fc0fe4c22c9d29e2af2ef5a14c9a2008528aeb98c2130a6ef07e3e51bd27
-
Size
537KB
-
Sample
240702-zvbfhstbql
-
MD5
4ef794be3467839fcff8c714a7757b07
-
SHA1
3a3644ad69e842bc885bfe34978d79eebf91c211
-
SHA256
4623fc0fe4c22c9d29e2af2ef5a14c9a2008528aeb98c2130a6ef07e3e51bd27
-
SHA512
c40d20d6840467e1d31d41f2b988f11f33229591da7614dfd6c3b991f5ea185e92b4267a54f0531248a4cfc4bc53271e15366085170662d64ce5c1d160526b2b
-
SSDEEP
12288:/SY7lhZPW0lvOkdxoNvOPRTrdtJv/v+TLuSn:aYbZZlvnljTv/eLB
Static task
static1
Behavioral task
behavioral1
Sample
4623fc0fe4c22c9d29e2af2ef5a14c9a2008528aeb98c2130a6ef07e3e51bd27.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
4623fc0fe4c22c9d29e2af2ef5a14c9a2008528aeb98c2130a6ef07e3e51bd27.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
http://103.130.147.85
Targets
-
-
Target
4623fc0fe4c22c9d29e2af2ef5a14c9a2008528aeb98c2130a6ef07e3e51bd27
-
Size
537KB
-
MD5
4ef794be3467839fcff8c714a7757b07
-
SHA1
3a3644ad69e842bc885bfe34978d79eebf91c211
-
SHA256
4623fc0fe4c22c9d29e2af2ef5a14c9a2008528aeb98c2130a6ef07e3e51bd27
-
SHA512
c40d20d6840467e1d31d41f2b988f11f33229591da7614dfd6c3b991f5ea185e92b4267a54f0531248a4cfc4bc53271e15366085170662d64ce5c1d160526b2b
-
SSDEEP
12288:/SY7lhZPW0lvOkdxoNvOPRTrdtJv/v+TLuSn:aYbZZlvnljTv/eLB
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-