General
Target: VSL Q88.rar
Size: 18KB
Sample: 230125-mq61eafg54
MD5: 4b717baf6a9b0c219b44bc5eabc821e2
SHA1: b50f7f4085eda26f6da2398b55ae406ef84f5916
SHA256: 3c3a0a24c9dc7ee7cb4a86ef7e113b9835d4dc2c69b915e9d16f68f99799e4c9
SHA512: df0818f521efbe13ea6b177771fedef1a4420e5b4e159eb8ba54cbcec59970d607e11cbaf542c80288e80f4e1d12249b8cc323b846a73b725dfc186ea78158ae
SSDEEP: 384:dv2G2yiu/qWbbFYzibCcj7uQSpGy9hUGyt7MVUFFrr/hNpzrrub:deGA/QCOec2/pGy9hUXBZF/jzrrub
Static task: static1
Behavioral task: behavioral1
Sample: VSL Q88.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: VSL Q88.exe
Resource: win10v2004-20221111-en
Behavioral task: behavioral3
Sample: VSL Q88.scr
Resource: win7-20220812-en
Behavioral task: behavioral4
Sample: VSL Q88.scr
Resource: win10v2004-20221111-en
Malware Config
Extracted: snakekeylogger
URL: https://api.telegram.org/bot1897716112:AAEAtOCkOV8umHBB93Og24bkiIdUKReGK44/sendMessage?chat_id=1745211648
Targets
Target: VSL Q88.exe
Size: 17KB
MD5: abb62deff1e4851be179ab55fb65e4a7
SHA1: 36d60ff07bcfdbe6c83c69079c954cc655bd9557
SHA256: 35a1eb3544b13e48380568cef531dec8473aa229fa4fccc532898b2c514f05ab
SHA512: 2e80e80a3c8b3aa4a2a49a8bdc618f464f399e98da68dac4a558282dc237cdd7e4a899969695661af3d462d0c46e211bbd9ae1ee8a55658f724d852cd98b1e6b
SSDEEP: 384:eBHyHMiAiIufjm2g6WeLLB3mDTQ8T3Jd:YHyHMi0ufj3H5F3mDF3T
Signatures:
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: VSL Q88.scr
Size: 17KB
MD5: 525c930b348f58ecdaf03b08c1a91495
SHA1: 5f08e2d33fc791929e29ad5b93a319453c3583a9
SHA256: bb393daf400b3417fdd00e65698a3fdb977cd41cc1df894b630b271ddb4769df
SHA512: 44f17df7f6f7bbb505a40d389496f7acca83c8e78b4180fd7e90cad1ea42731ceed36d634780cdec6758b9c8c72a23df726b668ef5e6087bc778eb28e6b0dc0e
SSDEEP: 384:gdO0vPqnnphy83JqGq3HLBhoksn1VRi2J2kcQ5Yi:gdnPqnnph53J3q3rBJsnMkcS
Score: 3/10