General
Target: vbc.exe
Size: 374KB
Sample: 220705-vxjsfsdbe8
MD5: 24e89d07e1071f93c8f8e0a03eeb7b9a
SHA1: 981c5c627491a6952c14921289e7d60ba819f019
SHA256: 70c021052ad4b72188bf5d6c960e668524c7d538e9d30e4991269f7a5e79a566
SHA512: 84b617ab92a58122c5167a13c67fed43ac3e336e7dcd2d73370a2f54c8a903d047bffd5a97a4dc08f1460ba685db9fc4daafd7edadebc2430f77666d5c0afb2f
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: vbc.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5471298201:AAGFh758keN2eA73SQlIsmB91r4EW74GWCo/sendMessage?chat_id=5144477649
Targets
Target: vbc.exe
Score: 10/10
Snake Keylogger Payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext