General
-
Target
HDDINC2209247.exe
-
Size
961KB
-
Sample
221003-qndgvshbdj
-
MD5
33c0f526d615dd2289c88b047de6d02a
-
SHA1
5415d2324f7068472ccfc478df2da95f7ef7eb49
-
SHA256
675374d30c3680c4c9323b8baa97e7419f0dfd7ed9b4f8a8f871a7f61c75c7d7
-
SHA512
5676618b65d7b58bdffdeeca5e606daff347a595f43765a47b84ecf7ba0a344493fa95f08f23c7f195f4bf37d4e1b1b331c793e46f77e90d59929b68a4e09ab9
-
SSDEEP
12288:bqTiEgG2xWbAc49WTgt1LZyMvn6AhOK4HTN:3/rgTsW8t1Loc
Static task
static1
Behavioral task
behavioral1
Sample
HDDINC2209247.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
HDDINC2209247.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot1644755040:AAGRTnph6BdO8-t1bJaOyVu9aeuJErmisqs/sendMessage?chat_id=1637651323
Targets
-
-
Target
HDDINC2209247.exe
-
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-