General
Target: a7d3c2c717619db28563f68baf13b8d63e299317a2becb6670331661969f5c12
Size: 904KB
Sample: 221003-cctg2sbdb5
MD5: 50514eb3eec1b4523aa1ee3f6b3644e9
SHA1: 872b554d8bcec3f194d8ceece8510cd8d9c30a41
SHA256: a7d3c2c717619db28563f68baf13b8d63e299317a2becb6670331661969f5c12
SHA512: 67af50a66b388cd3583b6d6764720082cb81d4d186d8133d3243622c5f3444301af8ba9d065578157848cf30b2dc8ca279737da96815986e3364775f5660a92e
SSDEEP: 12288:NhTwKK4HTN1iCmz5bN5bK2x1OD6KqfBi+j1AN7mr4Rdn0q:q5LAmHJjOmsT
Static task: static1
Behavioral task: behavioral1
Sample: a7d3c2c717619db28563f68baf13b8d63e299317a2becb6670331661969f5c12.exe
Resource: win10-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext