General
Target: P0A2249.exe
Size: 1.1MB
Sample: 220923-gw38tahccn
MD5: 43f9694be950da3cbc89ceb296b2eb3b
SHA1: 2138532f5a09386b06a338acab2b79b0167b7f62
SHA256: aa42f20183026e8912e487dc655d4459e8e37e3743cdc7753dc60fa712d8117f
SHA512: f6dedfc5b460f7eddbee51f4d0b98490a4b7f0791a573f803823d5444c52519bed0dcbaa73b213ff826b3a5a00c0822adde87301268fa350567285f22d0240ac
SSDEEP: 12288:0hLuyAHYT68OXKtHRtD4/coF8IxbVp2w2L6TVHLT0R2pmMCTi:0hLuyyW65X2k/F8nw2cHLTU6C
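Before acting on the indicators in this report, confirm that the file you hold is the same sample. The following is an added example (not part of the sandbox report) that computes the four digests listed above with Python's hashlib and compares them against the report's values; SSDEEP is not in the standard library (it needs the third-party ssdeep package) and is left out. The `compare` helper and the constructed test inputs are assumptions made for this example.

```python
"""Added example: verify that a file on disk matches the sample this report
describes. Only the hash values in REPORT_IOCS come from the report."""
import hashlib

# Digests copied from the report's General section.
REPORT_IOCS = {
    "md5": "43f9694be950da3cbc89ceb296b2eb3b",
    "sha1": "2138532f5a09386b06a338acab2b79b0167b7f62",
    "sha256": "aa42f20183026e8912e487dc655d4459e8e37e3743cdc7753dc60fa712d8117f",
    "sha512": ("f6dedfc5b460f7eddbee51f4d0b98490a4b7f0791a573f803823d5444c52519b"
               "ed0dcbaa73b213ff826b3a5a00c0822adde87301268fa350567285f22d0240ac"),
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data, algorithms=ALGORITHMS):
    """Hex digests of an in-memory buffer, one per algorithm."""
    return {a: hashlib.new(a, data).hexdigest() for a in algorithms}


def digest_file(path, algorithms=ALGORITHMS, chunk=1 << 20):
    """Hex digests of a file, read in 1 MiB chunks so large samples fit in memory.
    Every hash object is fed the same chunk, so the file is read only once."""
    hashes = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashes.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashes.items()}


def compare(actual, expected):
    """Return {algorithm: matched} for every algorithm in `expected`.
    Hex digests are compared case-insensitively; a missing digest counts as a mismatch."""
    return {a: actual.get(a, "").lower() == v.lower() for a, v in expected.items()}


def matches_report(path, expected=REPORT_IOCS):
    """True only if every digest the report lists matches the file at `path`."""
    return all(compare(digest_file(path), expected).values())


if __name__ == "__main__":
    import sys
    result = compare(digest_file(sys.argv[1]), REPORT_IOCS)
    for alg, ok in result.items():
        print(f"{alg:7s} {'match' if ok else 'MISMATCH'}")
```

Run it as `python verify.py P0A2249.exe`; a mismatch on any one digest means you are looking at a different file (a repacked build, a truncated download, or a different family altogether) and the behavioural findings below should not be assumed to apply to it.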
Static task: static1
Behavioral task: behavioral1 (Sample: P0A2249.exe; Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: P0A2249.exe; Resource: win10v2004-20220812-en)
Malware Config
Extracted family: snakekeylogger
Exfiltration channel (Telegram Bot API): https://api.telegram.org/bot5478319803:AAHq9LkDUFBRvjOub4YfRlPURZxM59_BVnc/sendMessage?chat_id=5516439768
The path segment bot<bot_id>:<secret> is the operator's bot token and chat_id is the destination chat; both are credentials for the attacker's channel. Treat the bot ID, token and chat ID as indicators to block and report, not as values to exercise against the API.
Targets
Target: P0A2249.exe
Size: 1.1MB
MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values in the General section above.
Score: 10/10
Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles: reads the Outlook profile data where stored mail account settings and credentials live, consistent with the family's credential theft.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service.
- Suspicious use of SetThreadContext: this API is what injection techniques such as process hollowing use to redirect a suspended process's main thread into an injected payload, so it is a strong hint that the observed behaviour runs in a process other than P0A2249.exe.
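The extracted config and the "Looks up external IP address" signature together give two network indicators worth hunting for: a Telegram Bot API call carrying this bot token, and a request to an IP lookup service from a process that has no business making one. The block below is an added example (not part of the sandbox report) that parses the extracted URL into its bot ID, secret, method and chat_id, then runs that logic over a constructed proxy log. The log format, the list of IP lookup hosts (the report does not say which one the sample used) and the allow-list of processes expected to talk to the Bot API are all assumptions of this example.

```python
"""Added example: turn the extracted Snake Keylogger config into detection
logic and run it over constructed proxy log lines. Only EXTRACTED_C2 is taken
from the report; the hosts, process names and log lines are assumptions."""
import re
from urllib.parse import parse_qs, urlsplit

# Exfiltration URL exactly as extracted by the sandbox.
EXTRACTED_C2 = ("https://api.telegram.org/bot5478319803:"
                "AAHq9LkDUFBRvjOub4YfRlPURZxM59_BVnc/sendMessage?chat_id=5516439768")

# Telegram Bot API path shape: /bot<bot_id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>\w+)$")

# Assumed set of external-IP lookup hosts; the report does not name the one used.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
                   "ipinfo.io", "ifconfig.me"}
# Assumed allow-list of processes that legitimately reach the Bot API.
TELEGRAM_ALLOWED_PROCS = {"telegram.exe", "chrome.exe", "firefox.exe", "msedge.exe"}


def parse_telegram_c2(url):
    """Return (bot_id, secret, method, chat_id) for a Bot API URL, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_RE.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return m["bot_id"], m["secret"], m["method"], chat_id


def scan_proxy_log(lines, watched_bot_ids=()):
    """Each line is '<ts> <host> <process> <url>' (constructed format).
    Flags Bot API calls from unexpected processes or with a known-bad bot ID,
    and any request to an external-IP lookup host."""
    findings = []
    for line in lines:
        ts, host, proc, url = line.split(maxsplit=3)
        c2 = parse_telegram_c2(url)
        hostname = urlsplit(url).hostname or ""
        if c2:
            bot_id, _secret, method, chat_id = c2
            if bot_id in watched_bot_ids or proc.lower() not in TELEGRAM_ALLOWED_PROCS:
                findings.append((ts, host, proc,
                                 f"telegram-bot-exfil bot={bot_id} method={method} chat_id={chat_id}"))
        elif hostname in IP_LOOKUP_HOSTS:
            findings.append((ts, host, proc, f"external-ip-lookup {hostname}"))
    return findings


# Constructed proxy log: one IP lookup and one exfil call from the sample,
# a benign browser request, and a legitimate Telegram desktop client call.
SAMPLE_LOG = [
    "2022-09-23T06:51:02Z ws-17 P0A2249.exe http://checkip.dyndns.org/",
    "2022-09-23T06:51:03Z ws-17 chrome.exe https://www.example.com/",
    "2022-09-23T06:51:04Z ws-17 telegram.exe https://api.telegram.org/bot1234567890:"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getUpdates",
    "2022-09-23T06:51:05Z ws-17 P0A2249.exe " + EXTRACTED_C2,
]

if __name__ == "__main__":
    print(parse_telegram_c2(EXTRACTED_C2))
    for finding in scan_proxy_log(SAMPLE_LOG, watched_bot_ids={"5478319803"}):
        print(*finding)
```

The bot ID alone is a usable indicator because it is the stable part of the token and appears in the URL path even when the secret rotates; the secret itself should go into your blocklist as an exact string, not be used to call the API. Blocking api.telegram.org outright is an option where the Telegram desktop client is not in use, but the process-based check above is what separates this family's exfiltration from legitimate traffic on hosts where it is.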