General
Target: CamScan03102022_payment_receipt_AU9389990001RCA.exe
Size: 840KB
Sample: 221003-jptf5sfdcn
MD5: b0a8c313b595faee613975f8caae0d8f
SHA1: 2700323d23739897ebb239b2dee27b99195163c3
SHA256: d5863100cda763f0b62cb1713f18d6218336bc726ce0890136716d92dd432223
SHA512: c458f3f77ba65fa45e17f9cce3f5f445f27beb8901ebe2931d4dea69e32667334a0050f9b0d7e5d8d482965882a17befc2a349b03cb801f17498ea3ed9f3b377
SSDEEP: 12288:QK4HTNxjAOOLPaFzwDmG0Vs5o0uaPb4aB+ypYvN3s/zpHyRhBOY4JL:o8aFHGP5zuasaBpZyRbz4JL
Static task: static1
Behavioral task: behavioral1
Sample: CamScan03102022_payment_receipt_AU9389990001RCA.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: CamScan03102022_payment_receipt_AU9389990001RCA.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5453475689:AAEPtYkTq-8THTeKrYW8b68w6CGTVgKvmpM/sendMessage?chat_id=5798274961
Targets
Target: CamScan03102022_payment_receipt_AU9389990001RCA.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext