General
Target: 8964d755c2f389912c29fc1e6ae88443aa4f8e854ddd9896b85938d51ebe74ae.ace
Size: 584KB
Sample: 240705-whcahavemb
MD5: f939e4e486b3a8611b8800a2e5178706
SHA1: ea2cdeb96b4e49c8130e2f709e6e1dce9ad4925b
SHA256: 8964d755c2f389912c29fc1e6ae88443aa4f8e854ddd9896b85938d51ebe74ae
SHA512: 779e4a24879e1b1c8571207da48352a8d62efafd9bd3884b3ea9223f396efeb7f24fc40b30961b9603a44b48e5ff98a3bbff4d09b12801d7b71072ea9b750d7d
SSDEEP: 12288:8cbRzjOvobJVwZOE9BS1j73qzxTOoSSYciVoM+dgE1R1Hd01LEKJ:tbRzjOvo4Bgn8FO6RMvET1Hi1LE2
Static task: static1
Behavioral task: behavioral1
  Sample: E-Remittance Copy.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: E-Remittance Copy.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: smtp.innovativeenqg.co.in
Port: 25
Username: [email protected]
Password: %OTz$v%9
Email To: [email protected]
Targets
Target: E-Remittance Copy.exe
Size: 618KB
MD5: efa73414038ce709eb64144bf5dbe5b5
SHA1: a618f242c9c9ed858016bf56d992ffa53f4edbd2
SHA256: 27b0580d503930275e904d52788707326aa3e2f8bd8ef247fe60ba9432767345
SHA512: 7baae60caea6af444bfa9437bb1613fef7faee0fa3f54657fdab3dfc8454c81ab6e73eadbf6f2128261b53b4d1c334cf614183ca38c81e7911e708a6b98f5af2
SSDEEP: 12288:S5WHiX1ngdgIMVJJs9FB/2TQOe0wFxczq83ARQeou1:7i2d0Lgb/2TCz/czpId
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext