General
Target
PO#4500373371.exe
Size
1.0MB
Sample
220930-k7bjqaeacm
MD5
3f37c61883a95bde5e894bed43d4b5f3
SHA1
bb76d28f611a7050a00b0dd7ee0c87b45f2aac19
SHA256
e0be66e9fe306de304b7f7b9227c124b9eeb9b0cf4afca86f64bdd057477ac2f
SHA512
7da6709a6d36c9b3967cd9a1c5e930b07cca2b69858591ba3dd7c1be2a97bd4ecd8783d53b643834145caf23f4fcfda36994ffc9f5920c288d39901a323c9ae1
SSDEEP
12288:m5+PQKFgirpg8kFXyvi8FV4D7oyzX1dMn7IDuEZONyLDQRS7a9:mKFxdn3K83k7oqMnEDV
Static task
static1
Behavioral task
behavioral1
Sample
PO#4500373371.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PO#4500373371.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5587666659:AAG8NrrXJQs__dhk8nLJBFOspz2my8OVpX0/sendMessage?chat_id=5569775004
Targets
Target
PO#4500373371.exe
Score 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext