General
-
Target
68bcd11da168bcd33c61adfe6cf8b2b3.bin
-
Size
784KB
-
Sample
240705-ccrcpazcqm
-
MD5
b35aee65729703f33cfea0a361b8857f
-
SHA1
8262f12e223e2becf328e71593c83106e2a5fb7e
-
SHA256
9007e48e96d61bd39071800d148a9c9817ece0ef5ec22e71ddef419b179d352a
-
SHA512
376828ed398be84968ec2caf16805d179f56eb51add602dbf0bf91a4cc2f1f54405f059119bdf99ca6ed4a460f3e90b264ce7e1371f84ef41fbc398e449532e6
-
SSDEEP
12288:LJhLqBl6+GGlsoWPc0u5WSIkWieIDlYiJH29doeCUY9EFhfGh1KtXubpEdFvQubp:LJhquGGcb5tMVI5J29doexbFYmFYu1
Static task
static1
Behavioral task
behavioral1
Sample
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.therealdealboattours.com - Port:
587 - Username:
[email protected] - Password:
success$2022
Targets
-
-
Target
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0.exe
-
Size
826KB
-
MD5
68bcd11da168bcd33c61adfe6cf8b2b3
-
SHA1
2c1233fb5a6e73a8cf5b97248f771ca92f3776dc
-
SHA256
4c38813ca8fc7a8a94acab611b0d5a8f64592e6c8e5df52e35b7182cdec8dab0
-
SHA512
9fdb2a0615a85354c6f1588e5ee2d8685b0d6f1e1d0913440090df9d704f87a84f5131fd978a0acfad2e46380b3b925907c57745b57b7466d6ee38c39b59b563
-
SSDEEP
12288:B61ODNf+wYk4ezUlsvU6PnfdLEoB+q0yJsIYScFpy7w88Uk8/6Tk976QCAxGXgXM:X4ezUqTRGpIYSupf8v/6Tkl6EGQgxN7
-
Snake Keylogger payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-