General
- Target: eb0b222e68325f4df5413a16013b2282546a7ed405f1962a0bb71e3899206ae7
- Size: 172KB
- Sample: 220706-gef2yshdfn
- MD5: 886a47d4fee1c488afe52cdc0d7b8544
- SHA1: 36739d4436f31d0215a65f65db30800768c2cf45
- SHA256: eb0b222e68325f4df5413a16013b2282546a7ed405f1962a0bb71e3899206ae7
- SHA512: d9410871589c52be1385bf436f6f5e21b1b868063a4dc98bc6c550508c08eec52d76ee0c065a4f1910ced9ba20b3438ecb138cefc45a7058caf2aa1ecb15f598
- Static task: static1
- Behavioral task: behavioral1
- Sample: eb0b222e68325f4df5413a16013b2282546a7ed405f1962a0bb71e3899206ae7.exe
- Resource: win10v2004-20220414-en

Malware Config
- Extracted: snakekeylogger
- https://api.telegram.org/bot1707668650:AAFJBUcmT6aGlXwy3-beDARhm0ji930DCzM/sendMessage?chat_id=-772314354
Targets
- Target: eb0b222e68325f4df5413a16013b2282546a7ed405f1962a0bb71e3899206ae7
- Snake Keylogger Payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext