General
- Target: Rogdfquub.exe
- Size: 30KB
- Sample: 220704-wjkchaaedl
- MD5: 23ba82c67551d397d13d018d93a32d06
- SHA1: 66cdf6745d666f1c09299262df3ebd3f014be20a
- SHA256: 63b747c34c71ae08653978a800692893d7ae5be122ecbaf482f7b8cff6cf3c8c
- SHA512: b105f99db716291717df0b42675fc3a9bea63a8e1e494a92147e3bbcc1d7888a7d80a0f6f0e728893437d198d29d5ee365275663d158f2396b2bbd69bb3fa0d8
Static task: static1
Behavioral task: behavioral1
- Sample: Rogdfquub.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Rogdfquub.exe
- Resource: win10v2004-20220414-en
Malware Config
- Extracted: snakekeylogger
- https://api.telegram.org/bot1939897600:AAFkoPsh0GqeaOfexc3PJ91CjFvH6rmGT-M/sendMessage?chat_id=1715191138
Targets
- Target: Rogdfquub.exe
- Size: 30KB
- MD5: 23ba82c67551d397d13d018d93a32d06
- SHA1: 66cdf6745d666f1c09299262df3ebd3f014be20a
- SHA256: 63b747c34c71ae08653978a800692893d7ae5be122ecbaf482f7b8cff6cf3c8c
- SHA512: b105f99db716291717df0b42675fc3a9bea63a8e1e494a92147e3bbcc1d7888a7d80a0f6f0e728893437d198d29d5ee365275663d158f2396b2bbd69bb3fa0d8
Score: 10/10
Signatures
- Snake Keylogger Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext