General
-
Target
Contract.exe
-
Size
563KB
-
Sample
240703-1yb2wszdpf
-
MD5
8c2f569ddc16f61e8c7b053cbd94f0b4
-
SHA1
585691bd7c15100b16bc3c49f94a9f9cf9c86477
-
SHA256
f16af6c4a9c6803eb1df399343edceb8a102c47297c1e9b3278c795f61d5e1e9
-
SHA512
ed3a9205c4df6c3531bfa974249face667414a4932862967254a83e0e63bdd7dc95fb79210636f023dd984e15dbc1e65a51226fc1ecfb08f1cbe3d3950d45ee0
-
SSDEEP
12288:aTOvjSANT3ukfoCJU0/Q0P3H0Nho+EHl00DE64MoQksBl7jMkZQV:aT2jFT3ukNJNPXQAHKeEXMx7Qmm
Static task
static1
Behavioral task
behavioral1
Sample
Contract.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
Contract.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.speedhouseoman.com - Port:
587 - Username:
[email protected] - Password:
SpH@0084
Targets
-
-
Target
Contract.exe
-
Size
563KB
-
MD5
8c2f569ddc16f61e8c7b053cbd94f0b4
-
SHA1
585691bd7c15100b16bc3c49f94a9f9cf9c86477
-
SHA256
f16af6c4a9c6803eb1df399343edceb8a102c47297c1e9b3278c795f61d5e1e9
-
SHA512
ed3a9205c4df6c3531bfa974249face667414a4932862967254a83e0e63bdd7dc95fb79210636f023dd984e15dbc1e65a51226fc1ecfb08f1cbe3d3950d45ee0
-
SSDEEP
12288:aTOvjSANT3ukfoCJU0/Q0P3H0Nho+EHl00DE64MoQksBl7jMkZQV:aT2jFT3ukNJNPXQAHKeEXMx7Qmm
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-