General
Target: 0d36bb32b9e6664fc3090b506f55cdf9.exe
Size: 400KB
Sample: 221002-hmgtwscfc9
MD5: 0d36bb32b9e6664fc3090b506f55cdf9
SHA1: e46dc1f96a59e75966be8e1011f53b3b6043f364
SHA256: d88c101a1c0570712c1c182ba9c7f501bba00f98cb9d083286b339283b9008e2
SHA512: 8eb5b97c1d8838fff7f6c75b2e9cb183d7c2312ebab7942249ab35b8f95d88e656fce7ee20918aafa7c82db7f9dfdf355425d8a7254b081c2a31dd85c48eecf7
SSDEEP: 6144:UvEN2U+T6i5LirrllHy4HUcMQY6TL2yP2bCRYgbw:GENN+T5xYrllrU7QY6TL2jKw
Behavioral tasks
behavioral1: 0d36bb32b9e6664fc3090b506f55cdf9.exe on win7-20220812-en
behavioral2: 0d36bb32b9e6664fc3090b506f55cdf9.exe on win10v2004-20220812-en
Malware Config
Extracted family: snakekeylogger
Exfiltration URL (Telegram Bot API, sendMessage method): https://api.telegram.org/bot5476629412:AAGbkcFsGq72YxKoGZjVmRBskss9nHikjMc/sendMessage?chat_id=5594190904
The bot token (5476629412:AAGbkcFsGq72YxKoGZjVmRBskss9nHikjMc) and the destination chat_id (5594190904) are embedded in the URL. api.telegram.org is a legitimate service, so detection should key on the bot token in the request path rather than on the domain; without TLS inspection a proxy only sees the SNI api.telegram.org, which is a much weaker signal on its own.
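The following Python is an added example, not code from the sandbox report or from the Snake Keylogger sample: it splits the extracted Telegram URL into the pieces worth recording as IOCs (bot id, bot token, method, chat_id) and then matches those against constructed proxy log lines, keying on the bot token rather than the domain so that unrelated Telegram bots do not fire. The log format, the client IPs, the second bot token and the IP-lookup hostname are all assumptions; the report does not name the IP-lookup service the sample used.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Exfiltration endpoint exactly as extracted by the sandbox for this sample.
C2_URL = ("https://api.telegram.org/bot5476629412:"
          "AAGbkcFsGq72YxKoGZjVmRBskss9nHikjMc/sendMessage?chat_id=5594190904")

# Bot API paths look like /bot<bot_id>:<secret>/<method>. The 35-character
# secret length is an assumption based on the shape of tokens seen in the wild.
BOT_PATH = re.compile(
    r"^/bot(?P<token>(?P<bot_id>\d+):[A-Za-z0-9_-]{35})/(?P<method>[A-Za-z]+)$")


def parse_telegram_c2(url: str) -> Dict[str, Optional[str]]:
    """Split a Telegram Bot API URL into the pieces worth recording as IOCs."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc.lower() != "api.telegram.org":
        raise ValueError("not a Telegram Bot API URL: %r" % url)
    m = BOT_PATH.match(parts.path)
    if m is None:
        raise ValueError("unexpected Bot API path: %r" % parts.path)
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),     # public half of the token
        "bot_token": m.group("token"),   # full credential; handle as sensitive
        "method": m.group("method"),     # sendMessage here; sendDocument is used for file exfil
        "chat_id": chat_id,              # destination chat the operator reads
    }


# Constructed proxy log lines (not from the report). Assumed format:
# "<timestamp> <client-ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "2022-10-02T08:41:13Z 10.0.0.15 POST " + C2_URL + " 200",
    # A different, unrelated bot: must NOT match, the domain alone is legitimate.
    "2022-10-02T08:41:20Z 10.0.0.22 POST https://api.telegram.org/bot1111111111:"
    + "A" * 35 + "/sendMessage?chat_id=42 200",
    # Hypothetical IP-lookup service; the report does not name the real one.
    "2022-10-02T08:42:02Z 10.0.0.15 GET https://ip-lookup.example/ 200",
    "2022-10-02T08:42:05Z 10.0.0.15 GET https://www.example.com/ 200",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def match_proxy_log(lines: List[str],
                    ioc: Dict[str, Optional[str]]) -> List[Dict[str, Optional[str]]]:
    """Return log entries that hit the extracted bot, keyed on the token, not the domain."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        parts = urlsplit(m.group("url"))
        if parts.netloc.lower() != "api.telegram.org":
            continue
        p = BOT_PATH.match(parts.path)
        if p is None or p.group("token") != ioc["bot_token"]:
            continue
        hits.append({
            "ts": m.group("ts"),
            "src": m.group("src"),
            "method": p.group("method"),
            "chat_id": parse_qs(parts.query).get("chat_id", [None])[0],
        })
    return hits


if __name__ == "__main__":
    ioc = parse_telegram_c2(C2_URL)
    print("bot_id=%s chat_id=%s method=%s" % (ioc["bot_id"], ioc["chat_id"], ioc["method"]))
    for hit in match_proxy_log(SAMPLE_PROXY_LOG, ioc):
        print("HIT", hit)
```

Only the first constructed line is reported as a hit; the second line is a request to a different bot on the same legitimate domain and is correctly ignored. The token match only works where the proxy logs full URLs, i.e. with TLS inspection; otherwise pair the weaker "POST to api.telegram.org" signal with the host-side signatures below.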
Targets
Target: 0d36bb32b9e6664fc3090b506f55cdf9.exe (400KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Snake Keylogger payload
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
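The registry signatures above (Run key, Explorer hidden-file settings, Winlogon) are raised by the sandbox when the sample writes those values, not because the values themselves are unusual. The following Python is an added example, not part of the report or of any sandbox or Snake Keylogger code: it parses two constructed `reg export` snapshots (a clean baseline and the same keys after a hypothetical infection; the user name, dropped file name and paths are assumptions) and labels each changed value with the corresponding signature. On a live Windows host the same diff would be run over `reg export` output or values read through `winreg`.

```python
import re
from typing import Dict, List, Tuple, Union

RegValue = Union[str, int]
RegTree = Dict[str, Dict[str, RegValue]]

# Constructed .reg snapshots (not from the report): clean baseline first.
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"ShowSuperHidden"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''

# Same keys after a hypothetical infection: new Run entry, hidden files turned
# off again, an extra program appended to the Winlogon Shell value.
AFTER_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\Updater\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\victim\\AppData\\Roaming\\Updater\\svchost.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''

# "Name"=<value> or @=<value> (default value). Names may contain escaped quotes.
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<rhs>.*)$')


def parse_reg(text: str) -> RegTree:
    """Minimal parser for the REG_SZ and REG_DWORD lines of a .reg export."""
    tree: RegTree = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = "" if m.group("default") else m.group("name")
        rhs = m.group("rhs")
        if rhs.startswith("dword:"):
            tree[current][name] = int(rhs[len("dword:"):], 16)
        elif len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
            # .reg escapes backslashes and quotes inside REG_SZ data.
            tree[current][name] = rhs[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            tree[current][name] = rhs  # hex(...) and other types kept raw
    return tree


RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
ADVANCED_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# (key, value name) -> sandbox signature the write corresponds to; None = any value.
SIGNATURES = {
    (RUN_KEY, None): "Adds Run key to start application",
    (ADVANCED_KEY, "Hidden"): "Modifies visibility of hidden/system files in Explorer",
    (ADVANCED_KEY, "ShowSuperHidden"): "Modifies visibility of hidden/system files in Explorer",
    (WINLOGON_KEY, "Shell"): "Modifies WinLogon for persistence",
    (WINLOGON_KEY, "Userinit"): "Modifies WinLogon for persistence",
}


def classify_changes(before: RegTree, after: RegTree) -> List[Tuple[str, str, str, object, object]]:
    """Diff two snapshots and label each changed value that matches a signature."""
    findings = []
    for key, values in after.items():
        for name, new in values.items():
            old = before.get(key, {}).get(name)
            if old == new:
                continue
            sig = SIGNATURES.get((key, name)) or SIGNATURES.get((key, None))
            if sig is not None:
                findings.append((sig, key, name, old, new))
    return findings


if __name__ == "__main__":
    for sig, key, name, old, new in classify_changes(parse_reg(BASELINE_REG), parse_reg(AFTER_REG)):
        print("%s: %s\\%s  %r -> %r" % (sig, key, name, old, new))
```

The constructed diff yields four findings under three signatures; the untouched `Userinit` value produces none. Two caveats for static forensics: `Hidden=2` and `ShowSuperHidden=0` are the Windows defaults, so those values only count as evidence when a baseline or the key's last-write time shows they were changed, and user-profile paths such as AppData are a priority hint rather than a verdict, since legitimate software (OneDrive in the baseline) lives there too.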