General
-
Target
202275denge ve beyan.exe
-
Size
1.0MB
-
Sample
220706-tagtxaeeap
-
MD5
cf5df047f1041ab04ce3986f65143051
-
SHA1
3d84bde7c028e4667e99c6d54fdd97ae3a625da8
-
SHA256
9000fc8be8a93dc6d1f9f07c25fc6cbf0c18225d367a333844b6deca8841ca7c
-
SHA512
8aef908cd72101c73a6576770c53b1f6ba63814a7e0aae19b1e124c8470c1c6f935403c656378a60724522c7e81507caf25efb3a52199f35e47c2af6e54f9fc1
Static task
static1
Behavioral task
behavioral1
Sample
202275denge ve beyan.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
202275denge ve beyan.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5166529015:AAHmXMIWF4K9IarF05CZj5gCu_oVRj3zFHc/sendMessage?chat_id=5170122971
Targets
-
Target
202275denge ve beyan.exe
-
Score
10/10
-
Snake Keylogger Payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-