General
Target: e3236b647b3325eec569bb0f9280bd64.exe
Size: 40KB
Sample: 211021-lnrx2aahfm
MD5: e3236b647b3325eec569bb0f9280bd64
SHA1: 13a3fe2b75208607193d005d1fb2c12988d18f2e
SHA256: b2d118155438754402d690a2ed9e51a1419cde42566dc5cd125b66bb3dbbd409
SHA512: 30a74b80a22ce77c1a1f78b672fd37781eead78a7bab813eeb213a382d7489996fdcfbb152725c860712ef67e014890b60f053f273c886076018b2bdcbc16b9d

Static task: static1

Behavioral task: behavioral1
Sample: e3236b647b3325eec569bb0f9280bd64.exe
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: e3236b647b3325eec569bb0f9280bd64.exe
Resource: win10-en-20211014

Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot2011911710:AAFbAKM_5V9w0QGHqXxcRu9A7iFSTWlskIg/sendMessage?chat_id=1293496579
Targets
Turns off Windows Defender SpyNet reporting

Nirsoft

Executes dropped EXE

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.