General
-
Target
ScanImage001-jpg.exe
-
Size
961KB
-
Sample
220930-zyandsfghl
-
MD5
0b93cb67849ad7066ece0be91e21765a
-
SHA1
cdeb576936f8849b00dce39d3dc1091a2686546b
-
SHA256
be07961577d5db2f905ed8e57c8cb4bf76df11210841228a41f5b3f8c2384341
-
SHA512
b390140f4d6453d16be3d293014932d74173d5a15567f9fbe619f71dec5f4af2caee489e81586212cb23aff51d5946893e73f909240cbcd362fdd2a81101574d
-
SSDEEP
6144:A4te+RXjOuE+eDVSEhpc8duRymG8cTLJpD2PqiinBYxqzZLk64jOX0m7rPv8tg32:Ve+tjOupeDVSEhp1usL7n+x40Ob717A
Static task
static1
Behavioral task
behavioral1
Sample
ScanImage001-jpg.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ScanImage001-jpg.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5387999448:AAENk6Reb2hxJqqD2rN6fIet7kanu0isfWg/sendMessage?chat_id=1413074050
Targets
-
Target
ScanImage001-jpg.exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-