General
Target: Document.exe
Size: 1.3MB
Sample: 221123-qsynlahg6v
MD5: 0fbac84ae97242d3336c486f3886d058
SHA1: 8dac1f87c7129b04a8ea1f06cf44ed0f51b7bbbe
SHA256: d80650ed37463b35238a439658309270ab12dd0b360f1d6dbe9b3e27fa298929
SHA512: efef78383be178db859d2a1fe0ef1c12a438099c6d13e5b5e6e94325f14bf26f215f9d31b501d9722cf6781da0f45a8b1bab4f08a470e52d6a9a96ba613a13f7
SSDEEP: 24576:kzKZgh/aw8XFDg3FSKDqbLRLlvOQK0iCz4y2Dz:kzKqh/dfS/ZBf4N

Static task: static1

Behavioral task: behavioral1
Sample: Document.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: Document.exe
Resource: win10v2004-20221111-en

Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922
Targets
Target: Document.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext