General
-
Target
9f724d2598e5f67b032135e2df125042c37b3c54d20d6c60a030e958e79210f9
-
Size
1.2MB
-
Sample
221003-lbj2nahdal
-
MD5
dca729c7a235c950f1324139fed747f5
-
SHA1
dc8a6834d88dfd90056635fd1c66090cca61b232
-
SHA256
9f724d2598e5f67b032135e2df125042c37b3c54d20d6c60a030e958e79210f9
-
SHA512
7599f5773bc890dfa09c09371e019ca20881c21b2361719b4335e814a336a6ecb62f0dae10d660d6176bf80c2e0fee17e03c4017456223584d17b3fb2669f609
-
SSDEEP
24576:bJFc+MGOlEMvnhx8cwqmHrufSOtPrkGiatVUJxyYU:b/ciOlFTHw3HrPOqwvUJE
Static task
static1
Behavioral task
behavioral1
Sample
9f724d2598e5f67b032135e2df125042c37b3c54d20d6c60a030e958e79210f9.exe
Resource
win10-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5321688653:AAEI2yqGrOA_-sRZ3xaqutrexraSgFa0AnA/sendMessage?chat_id=5048077662
Targets
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-