General
Target: WQ090090.exe
Size: 630KB
Sample: 210618-8yqqwwmhfa
MD5: 63e701517f119a37e2bfb0326f2f7851
SHA1: aeccae0b7c91487fa9a403abd4afdc37653d88a4
SHA256: d373c0339517c98ee8668e152f5e0987acb36409fb33026d0bab053b84ac6d89
SHA512: 02e24b6ed7d71051416919b68cb7b65238ed5ac6e03a3478b9e7f1ccb43319cf4d3028b8a3151e2f6fd9911fc963c89f9a35ef276ceb57099d0aa310b828670c
Static task: static1
Behavioral task: behavioral1
Sample: WQ090090.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: WQ090090.exe
Resource: win10v20210408
Malware Config
Extracted: snakekeylogger
C2: https://api.telegram.org/bot1483662500:AAGrMuxJV05-It-ke-xXVV6-R6IAtETpJb0/sendMessage?chat_id=1300181783
Targets
Target: WQ090090.exe
Size: 630KB
MD5: 63e701517f119a37e2bfb0326f2f7851
SHA1: aeccae0b7c91487fa9a403abd4afdc37653d88a4
SHA256: d373c0339517c98ee8668e152f5e0987acb36409fb33026d0bab053b84ac6d89
SHA512: 02e24b6ed7d71051416919b68cb7b65238ed5ac6e03a3478b9e7f1ccb43319cf4d3028b8a3151e2f6fd9911fc963c89f9a35ef276ceb57099d0aa310b828670c
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext