General
-
Target
9cef746651b3dc0dc351663360dc8b614e4bd4d82b44ed13a212e988d2f3c072
-
Size
820KB
-
Sample
230125-man5nahd2y
-
MD5
5344e37c86b3d841a58be30d101b9172
-
SHA1
bd05b90d215555d814425cd1063a8196b970c1a4
-
SHA256
9cef746651b3dc0dc351663360dc8b614e4bd4d82b44ed13a212e988d2f3c072
-
SHA512
7f40d908eb3fac4919fc8c6eac28e6ece5af3d744018a179945ce9b200e6f7c3553135ed73a91206d88697ecd9b572b99edf8e7ed1a7b9295f55d9bd5a166929
-
SSDEEP
24576:t8kyGyOYQzlGI6AAgZ5KwJSXqfejQP+xyTAWHt:t8kypOYjI6A1r8XKmxkN
Static task
static1
Behavioral task
behavioral1
Sample
9cef746651b3dc0dc351663360dc8b614e4bd4d82b44ed13a212e988d2f3c072.exe
Resource
win10-20220901-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5611396317:AAGsgxx4hwlHZa8kVodTZpCQipWRFwFvBO0/sendMessage?chat_id=5237953097
Targets
-
-
Target
9cef746651b3dc0dc351663360dc8b614e4bd4d82b44ed13a212e988d2f3c072
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-