General
-
Target
3df94cd33cbf08829a16467c543afe893d3b96744ed921013e16a33e89b5d809.zip
-
Size
544KB
-
Sample
240704-bqjdkawhkj
-
MD5
9edb0194f87890ade94ab8963f5d9f1b
-
SHA1
83c8884468fe61c5aa1b75e94d7e7fdff920235b
-
SHA256
3df94cd33cbf08829a16467c543afe893d3b96744ed921013e16a33e89b5d809
-
SHA512
c1374b2fd2bfa7060d505a0edf5724e4d7f9a2568e65a427f5448466374b89f145d3604ea9a9c79ed0cf369c3ca7e7ea1016cfd88fd682dd26314c6c579c8d0e
-
SSDEEP
12288:kewnxW0a4vGUKxGt9QU0jQ0gEchoRt+YOBIcdpB43787F1UccN:keKY0PuXPBLcAQBIO7E+N0
Static task
static1
Behavioral task
behavioral1
Sample
Contract.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Contract.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.speedhouseoman.com - Port:
587 - Username:
[email protected] - Password:
SpH@0084
Targets
-
-
Target
Contract.exe
-
Size
563KB
-
MD5
8c2f569ddc16f61e8c7b053cbd94f0b4
-
SHA1
585691bd7c15100b16bc3c49f94a9f9cf9c86477
-
SHA256
f16af6c4a9c6803eb1df399343edceb8a102c47297c1e9b3278c795f61d5e1e9
-
SHA512
ed3a9205c4df6c3531bfa974249face667414a4932862967254a83e0e63bdd7dc95fb79210636f023dd984e15dbc1e65a51226fc1ecfb08f1cbe3d3950d45ee0
-
SSDEEP
12288:aTOvjSANT3ukfoCJU0/Q0P3H0Nho+EHl00DE64MoQksBl7jMkZQV:aT2jFT3ukNJNPXQAHKeEXMx7Qmm
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-