General
Target: flosh.exe
Size: 52KB
Sample: 220704-wjkchacee5
MD5: fc98b95e8ff90b78895ed01d5a6dd1d3
SHA1: 526aeb6d7216a9567b619b56ef0af0693bae72a9
SHA256: cd4af46185777fd2e5fc2bed90454d28f54273e797afc77ae8230df60b26f3bb
SHA512: 830bd621b0109929812c90fa6c352c98dd6aa424927f499c2658dbe8297da9449268ead089639414c55e35cd9185fec1a57a4f03433a3513f7e442bcfa4a9694
Static task: static1
Behavioral task: behavioral1
Sample: flosh.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: flosh.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5583198829:AAHbRGAnlJ9Tg3ETPxGtj_jZ8tVhm4DB4io/sendMessage?chat_id=1148000519
Targets
Target: flosh.exe
- Snake Keylogger Payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext