General
-
Target
a4052a6663acc950f95ea27ecf872887f640b99ede1eabf6cf4fbf495623c9c9
-
Size
484KB
-
Sample
240703-aszmwsxgle
-
MD5
2941b1d5ed9dcdf79878bdda9409dd39
-
SHA1
675e88dc2ea5af96919406651c7da7cac2c18f70
-
SHA256
a4052a6663acc950f95ea27ecf872887f640b99ede1eabf6cf4fbf495623c9c9
-
SHA512
f77d5849d48dc16e7fdb0400ceb5b7e173fd6095e998ea8b8d278da515b197b67430724210df3c8dd0cdcfcaed10c4091760388a234deab20c480c4a8e210936
-
SSDEEP
12288:KrNyIqNSIW7+kZbmt1pgUUCNo/mgPyYiGHLRkRqDC:KxyFXAZmt15NoAYlH4Z
Static task
static1
Behavioral task
behavioral1
Sample
f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
valleycountysar.org - Port:
26 - Username:
[email protected] - Password:
fY,FLoadtsiF
Targets
-
-
Target
f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695.exe
-
Size
1.5MB
-
MD5
ec3fe16c54946213c717a27606f70243
-
SHA1
d11efe4e0f949ff6b14929cd30ae146c1b4a11c9
-
SHA256
f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695
-
SHA512
66125f727ec27d3e1da5c87953e46e928b000d564c784b919ba0b558efe4aa080a2f310e729f03b113ab02bc5aea390bb60a6829d3d586fab414b430d40eab04
-
SSDEEP
12288:1hNsCbYGek5/68cYvmjZxVcsK3SCv6vcuqVuMDCqg0h+:14CF/6V1xNK3SnUrRh+
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-