General
Target: Payment Swift MT103.exe
Size: 601KB
Sample: 210423-7gswhs7nme
MD5: 75c579adb172b3d4563af8dcd585ed49
SHA1: 53c69aa677a7e1445f6c0426ee035a3adc3c32cb
SHA256: 423f49f1e5f636b7146314d960e56238b4cee750a33777f254a5054ed164335c
SHA512: f8184b298e31a39d235c85038424c92ddf17bd58ef4e1493c93eed6fe6bff1fad4d278f8fc5e2f0caddf1bc4d2b890af73d9ff5000f956d07a5f5223f718de73
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Swift MT103.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Payment Swift MT103.exe
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot1652586889:AAH8lHbzvtT4QjX1_-3uSZQlT1RC65TAqMU/sendMessage?chat_id=1661687416
Targets
Target: Payment Swift MT103.exe
Score: 10/10
- Snake Keylogger Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext