General
-
Target
fcc555499698555ca835ae7bc4c4f734
-
Size
764KB
-
Sample
221125-d29e8shb66
-
MD5
fcc555499698555ca835ae7bc4c4f734
-
SHA1
32d7aa23603640ea5a54f2d3ce4284f4fc6c8de4
-
SHA256
f50b387ef7ab57a0caa05f0e89089b12d337d108d28a7a7ace1c2e7b324cbf66
-
SHA512
0bd602fe6398dbced3532f1933d84f022172b019dfe07edfb920f9f8fd448c0d66cb363cd4b6634d9a0d0011472e44cf4e387c701f3210e515c2f5ea4eafebb7
-
SSDEEP
12288:yg28uATAgSjSbHKo57lj73BaaIhpuHorws/:yhlSKoVl/3EaIhwH
Static task
static1
Behavioral task
behavioral1
Sample
fcc555499698555ca835ae7bc4c4f734.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
fcc555499698555ca835ae7bc4c4f734.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5689050416:AAER7vL3U497aoq7pzBRC3Ror1bDYoH5KAQ/sendMessage?chat_id=1736922894
Targets
-
-
Target
fcc555499698555ca835ae7bc4c4f734
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-