General
-
Target
baa34a47a3e304011252780a85ae56be.exe
-
Size
257KB
-
Sample
210926-sjzweaehgk
-
MD5
baa34a47a3e304011252780a85ae56be
-
SHA1
77aaae6ca43345f9dd9871c637176634b4ec5f09
-
SHA256
e3b25e21c6d04b5f2d72025c7956dbc3a4a5613f3b8d7ab8d0010bc3d437bc1b
-
SHA512
6c0e07dbf351b5c04d50e08c9f684559f14982096762f1bbc64d4ffe86f6adf0bcf080f08b1032ced59dd3abe47d8701a9d99efc92d6b6c854d879fec6f246d9
Static task
static1
Behavioral task
behavioral1
Sample
baa34a47a3e304011252780a85ae56be.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
baa34a47a3e304011252780a85ae56be.exe
Resource
win10v20210408
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot1816395306:AAE3ZBLYV2L9aT9mL8itL9vr3RP6nOz_B1o/sendMessage?chat_id=1368673464
Targets
Target
baa34a47a3e304011252780a85ae56be.exe
Score
10/10
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-