General
-
Target
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0.exe
-
Size
826KB
-
Sample
240704-bsyahaxalp
-
MD5
68bcd11da168bcd33c61adfe6cf8b2b3
-
SHA1
2c1233fb5a6e73a8cf5b97248f771ca92f3776dc
-
SHA256
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0
-
SHA512
9fdb2a0615a85354c6f1588e5ee2d8685b0d6f1e1d0913440090df9d704f87a84f5131fd978a0acfad2e46380b3b925907c57745b57b7466d6ee38c39b59b563
-
SSDEEP
12288:B61ODNf+wYk4ezUlsvU6PnfdLEoB+q0yJsIYScFpy7w88Uk8/6Tk976QCAxGXgXM:X4ezUqTRGpIYSupf8v/6Tkl6EGQgxN7
Static task
static1
Behavioral task
behavioral1
Sample
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.therealdealboattours.com - Port:
587 - Username:
[email protected] - Password:
success$2022
Targets
-
-
Target
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0.exe
-
Size
826KB
-
MD5
68bcd11da168bcd33c61adfe6cf8b2b3
-
SHA1
2c1233fb5a6e73a8cf5b97248f771ca92f3776dc
-
SHA256
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0
-
SHA512
9fdb2a0615a85354c6f1588e5ee2d8685b0d6f1e1d0913440090df9d704f87a84f5131fd978a0acfad2e46380b3b925907c57745b57b7466d6ee38c39b59b563
-
SSDEEP
12288:B61ODNf+wYk4ezUlsvU6PnfdLEoB+q0yJsIYScFpy7w88Uk8/6Tk976QCAxGXgXM:X4ezUqTRGpIYSupf8v/6Tkl6EGQgxN7
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-