General
Target: f939e4e486b3a8611b8800a2e5178706.bin
Size: 585KB
Sample: 240706-d4ryzaxcpg
MD5: 7f711c9ee22ebb63f042baabfb6cdfa8
SHA1: a84bca25ed23af957d357c3243723330afc62583
SHA256: 4628f44e616825042f77a56e752aac905c6ce9a1e6830f11a6a14682900d4288
SHA512: a1dabe0c8ccbca4361ed16db836707df56eab2c189c731b306ad045fe95a61de4819590e5ae5f9c791fa7bcce62414bdf486a8e7cf7e547eeb230defee0eef4e
SSDEEP: 12288:37U0U0MXGvamyVrIGQ/pVc0/GybuECHzvauSdm3itaPHAt+IPs:rNU00RFCpbyE2iaot9Ps
Static task: static1
Behavioral task: behavioral1
  Sample: E-Remittance Copy.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: E-Remittance Copy.exe
  Resource: win10v2004-20240704-en
Malware Config
Extracted
Family: snakekeylogger
Protocol: smtp
Host: smtp.innovativeenqg.co.in
Port: 25
Username: [email protected]
Password: %OTz$v%9
Email To: [email protected]
Targets
Target: E-Remittance Copy.exe
Size: 618KB
MD5: efa73414038ce709eb64144bf5dbe5b5
SHA1: a618f242c9c9ed858016bf56d992ffa53f4edbd2
SHA256: 27b0580d503930275e904d52788707326aa3e2f8bd8ef247fe60ba9432767345
SHA512: 7baae60caea6af444bfa9437bb1613fef7faee0fa3f54657fdab3dfc8454c81ab6e73eadbf6f2128261b53b4d1c334cf614183ca38c81e7911e708a6b98f5af2
SSDEEP: 12288:S5WHiX1ngdgIMVJJs9FB/2TQOe0wFxczq83ARQeou1:7i2d0Lgb/2TCz/czpId
Score: 10/10
Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
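The extracted SMTP configuration and the signature list above give a small set of usable indicators: the exfiltration mail host and port, and the file hashes of both the submitted sample and the dropped E-Remittance Copy.exe. The mailbox addresses are redacted on the page, so they are not usable. The following Python is an added example, not part of the sandbox report or of the Snake Keylogger sample: it sweeps constructed DNS, connection and process log lines for those indicators and additionally flags any workstation talking SMTP on port 25 to something other than a sanctioned relay, since a keylogger that mails its logs directly needs exactly that. The log line formats, the relay allowlist, the rule names and every IP address are assumptions made here; only the hashes, host and port come from the report.

```python
import re
from dataclasses import dataclass

# Indicator values copied from the report. The sender and recipient mailboxes
# are redacted on the page, so only host, port and file hashes are used.
SNAKE_SHA256 = {
    "4628f44e616825042f77a56e752aac905c6ce9a1e6830f11a6a14682900d4288",  # f939e4e4...bin
    "27b0580d503930275e904d52788707326aa3e2f8bd8ef247fe60ba9432767345",  # E-Remittance Copy.exe
}
SNAKE_MD5 = {
    "7f711c9ee22ebb63f042baabfb6cdfa8",
    "efa73414038ce709eb64144bf5dbe5b5",
}
EXFIL_HOST = "smtp.innovativeenqg.co.in"
EXFIL_PORT = 25

# Assumption: workstations may only speak SMTP to this relay; any other
# port-25 connection is worth a look even without a known indicator.
MAIL_RELAYS = {"10.0.0.25"}

# Constructed log formats (assumptions, not any real sensor's output):
#   dns  src=<ip> query=<name>
#   conn src=<ip>:<port> dst=<ip-or-host>:<port>
#   proc host=<name> image=<path> md5|sha256=<hex>
DNS_RE = re.compile(r"^dns\s+src=(?P<src>\S+)\s+query=(?P<name>\S+)")
CONN_RE = re.compile(r"^conn\s+src=(?P<src>[^:\s]+):\d+\s+dst=(?P<dst>[^:\s]+):(?P<dport>\d+)")
PROC_RE = re.compile(
    r"^proc\s+host=(?P<host>\S+)\s+image=(?P<image>.+?)\s+(?P<algo>md5|sha256)=(?P<hash>[0-9a-fA-F]+)"
)


@dataclass(frozen=True)
class Hit:
    rule: str       # which check fired
    subject: str    # host name or source IP the hit is attributed to
    evidence: str   # the matched value from the log line


def match_line(line: str) -> list[Hit]:
    """Return every indicator hit found in one log line."""
    hits: list[Hit] = []
    if m := DNS_RE.match(line):
        # A trailing dot from FQDN-style logging must not break the comparison.
        if m["name"].rstrip(".").lower() == EXFIL_HOST:
            hits.append(Hit("snake_smtp_host_dns", m["src"], m["name"]))
    elif m := CONN_RE.match(line):
        dst, dport = m["dst"].rstrip(".").lower(), int(m["dport"])
        if dst == EXFIL_HOST and dport == EXFIL_PORT:
            hits.append(Hit("snake_smtp_exfil", m["src"], f"{dst}:{dport}"))
        elif dport == 25 and dst not in MAIL_RELAYS:
            hits.append(Hit("direct_smtp_port25", m["src"], f"{dst}:{dport}"))
    elif m := PROC_RE.match(line):
        digest = m["hash"].lower()
        known = SNAKE_SHA256 if m["algo"] == "sha256" else SNAKE_MD5
        if digest in known:
            hits.append(Hit("snake_sample_hash", m["host"], m["image"]))
    return hits


def sweep(lines) -> list[Hit]:
    """Run match_line over an iterable of log lines, preserving order."""
    return [hit for line in lines for hit in match_line(line)]


def by_subject(hits) -> dict[str, list[str]]:
    """Group the rule names that fired per affected host/IP, for triage ordering."""
    grouped: dict[str, list[str]] = {}
    for hit in hits:
        grouped.setdefault(hit.subject, []).append(hit.rule)
    return grouped


# Constructed sample log (not taken from the sandbox run).
SAMPLE_LOG = [
    "dns src=10.1.2.30 query=smtp.innovativeenqg.co.in.",
    "conn src=10.1.2.30:49211 dst=smtp.innovativeenqg.co.in:25",
    "conn src=10.1.2.31:49300 dst=10.0.0.25:25",
    "conn src=10.1.2.32:49512 dst=203.0.113.7:25",
    r"proc host=WS-030 image=C:\Users\a\Downloads\E-Remittance Copy.exe "
    "sha256=27b0580d503930275e904d52788707326aa3e2f8bd8ef247fe60ba9432767345",
    "conn src=10.1.2.30:49222 dst=93.184.216.34:443",
]

if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(f"{hit.rule:22} {hit.subject:10} {hit.evidence}")
```

The sanctioned-relay connection from 10.1.2.31 produces no hit, the unsanctioned port-25 connection from 10.1.2.32 is surfaced as a heuristic even though its destination is not in the report, and 10.1.2.30 collects both the DNS lookup and the SMTP connection to the configured host, which is the pairing an analyst would expect from this sample's exfiltration path.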