General
Target: c4bc99be2d00ad7e96c9f192f31da7d25c5971b3463b7f28f5a42659a4829ef7
Size: 927KB
Sample: 221031-cyvl8saghm
MD5: 14d671c4129975e8f9fd494f1dedd4b5
SHA1: ba0ea614384146029b74ea300680d529dc251bea
SHA256: c4bc99be2d00ad7e96c9f192f31da7d25c5971b3463b7f28f5a42659a4829ef7
SHA512: 64b7b17b1efe0a29f736f03d643024e2bfc2761a393d1020a062980d95191f22aeb1640e3a76083264de87963a073b928f6d2f13ffb4b2803ab85197bbbca26f
SSDEEP: 24576:AOvdxkV5uJlQrndlgPEAggaor7VaSs7Z:AE+V5uL0ndK8Ag7Ss
Static task: static1
Behavioral task: behavioral1
Sample: c4bc99be2d00ad7e96c9f192f31da7d25c5971b3463b7f28f5a42659a4829ef7.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5793325124:AAGHzRsq2tvLBf23l8pkEofcJjw4AQXsgAQ/sendMessage?chat_id=2086616067
Targets
Target: c4bc99be2d00ad7e96c9f192f31da7d25c5971b3463b7f28f5a42659a4829ef7
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext