General
Target: SecuriteInfo.com.Variant.Tedy.125031.6342.7539
Size: 559KB
Sample: 220705-eaf52sdfdn
MD5: fcb065417cc5d94d1eef8f1fa3799486
SHA1: adec8644878384fbb7a93068aa28a1594f304fcf
SHA256: 4e4937d04ce933221fad993e7db49a096f11cefbe11c593da9041d5e375d6119
SHA512: cef1a45ccadc8131375addf06dd973d0abea9403753c0ca9bf6d256f07f9ba02ff1e72950976d64cc129ac35e7ff2db3b1769614259d9a1198c7aefb9d5fec95
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Variant.Tedy.125031.6342.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Variant.Tedy.125031.6342.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted family: snakekeylogger
Extracted C2: https://api.telegram.org/bot5412042498:AAH4OVSAlB-9yvO0MxObTPVF8mPej6Ln4M4/sendMessage?chat_id=5573520537
Targets
Target: SecuriteInfo.com.Variant.Tedy.125031.6342.7539
Score: 10/10
Signatures
- Snake Keylogger Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext