General
Target: 73a0327037d99cc1b679dd7a845323da2380535813892602400997cd7a7495d6.exe
Size: 1.0MB
Sample: 221010-l4hdjabdf8
MD5: 0dd456a8aeafce60da6af2292455b93d
SHA1: 8e68d6cee8e4b6e1e0554133480fdc7e0e7b54dd
SHA256: 73a0327037d99cc1b679dd7a845323da2380535813892602400997cd7a7495d6
SHA512: 3a09d782a9e0607fe1b881b15ba4554b02352644738ae503d7973aa68ebd1eac953c34a82a917b51774c86aca64a5c659d796f57025078cf6610ee571df2b4f4
SSDEEP: 12288:pcfcVvMuKi+HJUGg4/ceF/kbFHyHu4kfUKwItED3V:6fcll+CGg4/ceZkbwHu4kfUKu3V
Static task: static1

Behavioral task: behavioral1
Sample: 73a0327037d99cc1b679dd7a845323da2380535813892602400997cd7a7495d6.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 73a0327037d99cc1b679dd7a845323da2380535813892602400997cd7a7495d6.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922
Targets
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext