General
-
Target
TRANSFER SLIP.zip
-
Size
577KB
-
Sample
221002-qy359saffm
-
MD5
ba6bc4087f57975b2886bab4fcad816c
-
SHA1
563df6c5fbbb4c10e7e738659bffc9bfe802144d
-
SHA256
38543c4955269b467bcbf29ce2cffae11ba6640ef517010b0ed59d6777493f42
-
SHA512
ddff7d0f43bd1f9764525e6a2ee30ba1c6fbe02b771de83790de433df0775af4682709ea8edb871b77f388b8f1393f64d35be567b76905ab2f80810ee104e16e
-
SSDEEP
12288:YReNpZPg2iP3XZqzrqn2ZjS9NJoW0BEJMAFjn+F3GRwSp6:YRexI1PX8zeuRmJMQ+F3gE
Static task
static1
Behavioral task
behavioral1
Sample
TRANSFER SLIP.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
TRANSFER SLIP.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5227573794:AAECZBnQSxLs0aOVsV2wnclC6-WKnxPpi_k/sendMessage?chat_id=5217421430
Targets
-
Target
TRANSFER SLIP.exe
-
Size
1.0MB
-
MD5
7a6b0980328902701e46b0e67288b565
-
SHA1
18eece768efd6b51990336bd7d580902db79f951
-
SHA256
8c456876915598dc988732791d60ea7129c1f03f9eabd10951ce2996c9c0997f
-
SHA512
e167579fbe129b819fc79581a34fc58c0fefb773ca7bc0e98b7024435cc0c8f0df7fbe86be21ecf338eedb7aeb442c8ec0a7b67a44330c1c219683f560bd168e
-
SSDEEP
12288:NikVrArSr9kMp1txX2iNoADqjJ5nmZhS/NFMWINKJmAtnn+F3ORwspu:xrArSrBv1Qjr+NoJm4+F3+A
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-