General
- Target: 29e69c25d02c5a45e62f038f7aa7a716
- Size: 174KB
- Sample: 220704-w92dpsafgk
- MD5: 29e69c25d02c5a45e62f038f7aa7a716
- SHA1: 9aa09cd4c4126cd410a2674a37d34d1d7575d8b0
- SHA256: cb191c1c612b01447bd75c880c223fa73c82f9902bc6e6a26881031b0a9bf9db
- SHA512: b626b753d4e9daf4ab42e0fe00213600a12874822703c7d7c9fb6a2c8548885ad6f30b341c317780146ac5c7dacf11331071cc721c0cc9a411c4386dc6ee00e9
Static task: static1
Behavioral task: behavioral1
- Sample: 29e69c25d02c5a45e62f038f7aa7a716.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 29e69c25d02c5a45e62f038f7aa7a716.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: snakekeylogger
- https://api.telegram.org/bot1707668650:AAFJBUcmT6aGlXwy3-beDARhm0ji930DCzM/sendMessage?chat_id=-772314354
Targets
- Target: 29e69c25d02c5a45e62f038f7aa7a716
- Snake Keylogger Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext