General
-
Target
COLL 7773.exe
-
Size
435KB
-
Sample
211208-kpbf1abhg6
-
MD5
c57fe4114f6af202d49046eb8f9eb9f0
-
SHA1
b7e4d6555d4060cbc8aed9e012d5cbd21c710f80
-
SHA256
4196d29b45870589a6b2d0d273be722136211b75adf66d16eb38ed24661d7cfe
-
SHA512
bb23617bea69cb270ed7634fa51637166119b246c06d0fb6b5b2cb534a501f534f28971f8eae9436d293d97a5080590a1cbacb7e9c9772e00d48f424473d99fe
Static task
static1
Behavioral task
behavioral1
Sample
COLL 7773.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
COLL 7773.exe
Resource
win10-en-20211104
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5052159294:AAGb4scUToOAE18Lp5a50ojpRkmgPK8UWdo/sendMessage?chat_id=5057579972
Targets
-
-
Target
COLL 7773.exe
-
Size
435KB
-
MD5
c57fe4114f6af202d49046eb8f9eb9f0
-
SHA1
b7e4d6555d4060cbc8aed9e012d5cbd21c710f80
-
SHA256
4196d29b45870589a6b2d0d273be722136211b75adf66d16eb38ed24661d7cfe
-
SHA512
bb23617bea69cb270ed7634fa51637166119b246c06d0fb6b5b2cb534a501f534f28971f8eae9436d293d97a5080590a1cbacb7e9c9772e00d48f424473d99fe
-
Modifies WinLogon for persistence
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-