General
- Target: PO#43576300.exe
- Size: 1.2MB
- Sample: 221003-jptf5sfdcm
- MD5: f2e7ffb24a4bc32e9ab865eb9d87b882
- SHA1: 6c6069001b11b2e828a599a42f823dfe38dc851b
- SHA256: f814f4fe8d450dc8cfc62cde57a5e4a2e72bb758f1c2d71f8483ab20315a571b
- SHA512: 63c73c2885e35aba26d377e071ed6de3c3baebdf885ddd0c16a4f72bf5e7a308e6f670f445d4431931d325245f389fba71ddd96ff7471f01fdf5f5538520a543
- SSDEEP: 12288:mDh0K4HTN1B2YpVDjhXGAmRnp4pTXlHpIL+6ADjWMitERWc:N8qj8Aop4p7le+6+iMFW
Static task
- static1

Behavioral task
- behavioral1
  - Sample: PO#43576300.exe
  - Resource: win7-20220901-en

Behavioral task
- behavioral2
  - Sample: PO#43576300.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: snakekeylogger
  - https://api.telegram.org/bot5587666659:AAG8NrrXJQs__dhk8nLJBFOspz2my8OVpX0/sendMessage?chat_id=5569775004
Targets
- Target: PO#43576300.exe
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext