General
Target: payment copy.exe
Size: 890KB
Sample: 220930-2ar9msfad9
MD5: f2930c042eb6ec47af52acde3f5a3b52
SHA1: 7fe71449b27a4284adaf63f473b8152cfc7bbc99
SHA256: 70e6066712386cd030bb8a6b9ef4f6972d4da1035f547cbdbf93a71a79e2a951
SHA512: 3a212c5a340e440953857be8bc4f5f6382624cfa5c1dced942ba9bb11206eaa0cef204336ce03dd0002b4566f37bb559c9dab6f23f1934c967a2c173290a06cf
SSDEEP: 12288:vuZL7Y/mYagzSg+nesdJwNlp1tRUwtx+/lKn5JQH:vuZfimifNlPtyjlIy
Static task: static1
Behavioral task: behavioral1
  Sample: payment copy.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: payment copy.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: snakekeylogger
Exfiltration endpoint (Telegram Bot API, sendMessage; the path carries the attacker's bot token and the query string the destination chat_id): https://api.telegram.org/bot5329940603:AAEm7pamtb0Y3gJkFH2RisynqkQ5_GX9q5A/sendMessage?chat_id=5535403842
Targets
Target: payment copy.exe (890KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles (stored mail account settings, a common credential-harvesting target)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (an API commonly used to redirect a thread's execution during process injection)
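The extracted config above is a Telegram Bot API URL, and the bot token in its path is a live credential for the attacker's bot. The following is an added example, not part of the sandbox report: it parses such a URL into bot id, method and chat_id, and produces an IOC record that carries a SHA-256 of the token instead of the token itself, so the indicator can be shared without handing out the credential. The input is the report's own extracted URL; the function names, the hypothetical `sendDocument` variant and the regular expression for the token path are my assumptions.

```python
import hashlib
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Exfiltration URL taken from the report's "Malware Config" section.
EXTRACTED_C2 = (
    "https://api.telegram.org/bot5329940603:AAEm7pamtb0Y3gJkFH2RisynqkQ5_GX9q5A"
    "/sendMessage?chat_id=5535403842"
)

# Bot API paths have the form /bot<bot_id>:<secret>/<method>. The secret's
# character class is an assumption based on observed tokens (URL-safe base64-ish).
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")


def parse_telegram_c2(url: str) -> Optional[dict]:
    """Split a Telegram Bot API exfiltration URL into its components.

    Returns None for anything that is not an api.telegram.org bot-method URL,
    so the function can be run over every URL in a config dump.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    token = f"{m['bot_id']}:{m['secret']}"
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],          # public half of the token, safe to share
        "token": token,                 # full credential: handle like a password
        "token_sha256": hashlib.sha256(token.encode()).hexdigest(),
        "method": m["method"],          # sendMessage, sendDocument, ...
        "chat_id": chat_id,             # where the stolen data is delivered
    }


def shareable_iocs(url: str) -> Optional[dict]:
    """Same record with the raw token removed, for threat-intel sharing."""
    parsed = parse_telegram_c2(url)
    if parsed is None:
        return None
    return {k: v for k, v in parsed.items() if k != "token"}


if __name__ == "__main__":
    for key, value in shareable_iocs(EXTRACTED_C2).items():
        print(f"{key}: {value}")
```

Because the traffic is HTTPS to api.telegram.org, the hostname alone is a weak network indicator; the bot id and chat_id are what tie a sighting to this campaign, and the token hash lets two analysts confirm they hold the same token without exchanging it.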