General

Target: swift.exe
Size: 1.2MB
Sample: 221126-ctjzyaee64
MD5: 208c04160fee78e1830087f5f212ebe4
SHA1: 3319235bdb7fa406b961755f04b086ff57dca0e4
SHA256: f39c440765aab25976b17266085e6ac69a2baa05d0fc02299c36cf265efec341
SHA512: e5ca127bd48dc3940d5494d3476a2e83d4c4ff7b0363cbb54bd4ecd9cf5de40ad937447980d70731072d073bddf96b8ec4bab099ab9f2dd24934b6bdb2b824e6
SSDEEP: 24576:bcmNPc/tVw5R4w8YEQTYodpTmt1i9LI3yD+L74mBfNUstzo:bcm0tMR4xuYod5mtQy3
Tasks

Static task: static1
Behavioral task: behavioral1 (sample swift.exe, resource win7-20220901-en)
Behavioral task: behavioral2 (sample swift.exe, resource win10v2004-20220812-en)
Malware Config

Extracted family: snakekeylogger
Exfiltration URL: https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922

The extracted config is a Telegram Bot API sendMessage endpoint: the path carries the attacker's bot token (bot ID 5310184099 plus secret) and the query string the destination chat_id (5350445922). The token and chat ID are the usable indicators here; the host api.telegram.org is legitimate and shared with benign traffic, so blocking should key on the token path, not the hostname alone.
Targets

swift.exe, 1.2MB (same file as in General above; MD5 208c04160fee78e1830087f5f212ebe4, SHA256 f39c440765aab25976b17266085e6ac69a2baa05d0fc02299c36cf265efec341)
Score: 10/10

Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles (stored mail account credentials live in these profile keys, a standard Snake Keylogger harvesting target)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so the lookup itself is not malicious traffic and is only useful as a correlating signal next to the Telegram exfiltration.
- Suspicious use of SetThreadContext (a thread-context rewrite is the usual final step of process hollowing or thread hijacking; the report flags the call, not what was injected)
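An added triage helper, not part of the sandbox report or of the sample's code: it splits the extracted Telegram C2 URL into bot ID, token, chat ID and API method (the indicators to block or to report to Telegram for takedown), then reuses the same token pattern as a detection over proxy log lines and correlates the external-IP lookup with the exfiltration from the same source, which is the behaviour pairing the report lists above. Only the URL comes from the report; the log lines, the log format and the IP-lookup hostnames are constructed assumptions.

```python
"""Triage helper for the Snake Keylogger Telegram exfiltration config.

Added example, not taken from the sandbox report or the malware.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Exfiltration URL exactly as extracted in the report (page data, not constructed).
EXTRACTED_C2 = (
    "https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU"
    "/sendMessage?chat_id=5350445922"
)

# Telegram bot tokens look like "<numeric bot id>:<url-safe secret>"; the secret
# is 35 chars in tokens seen in the wild. Assumption: the length range is kept
# loose so minor variants still match.
TOKEN_RE = re.compile(r"bot(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{30,50})")

# Assumption: the report only says "a legitimate IP lookup service"; these
# hostnames are illustrative and not taken from the sample.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ifconfig.me", "icanhazip.com"}


@dataclass(frozen=True)
class TelegramExfil:
    bot_id: str
    token: str
    chat_id: str
    method: str


def parse_telegram_c2(url: str) -> TelegramExfil:
    """Split a Telegram Bot API URL into indicators usable for blocking/takedown."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        raise ValueError(f"not a Telegram Bot API host: {parts.hostname}")
    match = TOKEN_RE.search(parts.path)
    if not match:
        raise ValueError("no bot token in URL path")
    method = parts.path.rsplit("/", 1)[-1]  # sendMessage, sendDocument, ...
    chat_id = parse_qs(parts.query).get("chat_id", [""])[0]
    return TelegramExfil(
        bot_id=match["bot_id"],
        token=f"{match['bot_id']}:{match['secret']}",
        chat_id=chat_id,
        method=method,
    )


# Constructed proxy log, one line per request: "<ts> <src_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2022-11-26T10:01:02Z 10.0.0.15 GET http://checkip.dyndns.org/ 200
2022-11-26T10:01:03Z 10.0.0.15 POST https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendMessage?chat_id=5350445922 200
2022-11-26T10:02:00Z 10.0.0.22 GET https://www.example.com/index.html 200
2022-11-26T10:03:10Z 10.0.0.15 POST https://api.telegram.org/bot5310184099:AAGxqu0IL8tjOF6Eq6x2u0gfcHhvuxRwfLU/sendDocument 200
"""


def scan_proxy_log(log: str) -> list[dict]:
    """Flag Telegram bot-token traffic and external-IP lookups, per log line."""
    findings = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash the scan
        ts, src, _http_method, url = fields[:4]
        host = urlsplit(url).hostname
        if host == "api.telegram.org" and TOKEN_RE.search(url):
            exfil = parse_telegram_c2(url)
            findings.append({"ts": ts, "src": src, "rule": "telegram_bot_exfil",
                             "bot_id": exfil.bot_id, "method": exfil.method})
        elif host in IP_LOOKUP_HOSTS:
            findings.append({"ts": ts, "src": src, "rule": "external_ip_lookup", "host": host})
    return findings


def suspicious_sources(findings: list[dict]) -> set[str]:
    """Sources that both looked up their public IP and spoke to a Telegram bot."""
    by_rule: dict[str, set[str]] = {}
    for f in findings:
        by_rule.setdefault(f["src"], set()).add(f["rule"])
    return {src for src, rules in by_rule.items()
            if {"external_ip_lookup", "telegram_bot_exfil"} <= rules}


if __name__ == "__main__":
    c2 = parse_telegram_c2(EXTRACTED_C2)
    print(f"bot_id={c2.bot_id} chat_id={c2.chat_id} method={c2.method}")
    hits = scan_proxy_log(SAMPLE_PROXY_LOG)
    for hit in hits:
        print(hit)
    print("suspicious sources:", suspicious_sources(hits))
```

The IP-lookup rule on its own is noisy (the service is legitimate, as the report notes), which is why the correlation requires the same source to also hit a Telegram bot-token URL; the token pattern, not the api.telegram.org hostname, is what makes the second rule specific.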