General
-
Target
bed407ef928f705eb4662c4acdd0c422b059e8486165f3e0fb27c700b2da1a22.exe
-
Size
668KB
-
Sample
240703-pl6vysvamf
-
MD5
35548be9c773b276bbe493d9e143a0c1
-
SHA1
0392f6ec9fceb2a6bfd19cd7aebe0edc92384fbc
-
SHA256
bed407ef928f705eb4662c4acdd0c422b059e8486165f3e0fb27c700b2da1a22
-
SHA512
69cd9017f7f8ca26233e42c4e81d9119c6910a0b9e5161d58532e14549cfd7dcb6d03f33271d08a66837b0e854b452c3406803a3e5b5734ea503a4cce127c74c
-
SSDEEP
12288:wpUeoUEz8a0qCpxN5BZMrtuj1+Q/AYH7dUtzCWuw9SXwFxw:YOz8wQxN56KYQ/3H7dUt39SUw
Static task
static1
Behavioral task
behavioral1
Sample
bed407ef928f705eb4662c4acdd0c422b059e8486165f3e0fb27c700b2da1a22.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
bed407ef928f705eb4662c4acdd0c422b059e8486165f3e0fb27c700b2da1a22.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.remidaotel.com - Port:
587 - Username:
[email protected] - Password:
K65ytzx52* - Email To:
[email protected]
https://scratchdreams.tk
Targets
-
-
Target
bed407ef928f705eb4662c4acdd0c422b059e8486165f3e0fb27c700b2da1a22.exe
-
Size
668KB
-
MD5
35548be9c773b276bbe493d9e143a0c1
-
SHA1
0392f6ec9fceb2a6bfd19cd7aebe0edc92384fbc
-
SHA256
bed407ef928f705eb4662c4acdd0c422b059e8486165f3e0fb27c700b2da1a22
-
SHA512
69cd9017f7f8ca26233e42c4e81d9119c6910a0b9e5161d58532e14549cfd7dcb6d03f33271d08a66837b0e854b452c3406803a3e5b5734ea503a4cce127c74c
-
SSDEEP
12288:wpUeoUEz8a0qCpxN5BZMrtuj1+Q/AYH7dUtzCWuw9SXwFxw:YOz8wQxN56KYQ/3H7dUt39SUw
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-