General
Target: Hzgbdtv.exe
Size: 7KB
Sample: 230127-rcnzwsch8t
MD5: 13f56221e7b4ef51feaa422a92804aaf
SHA1: c0dc841f1683b4588106ab80e46e7767cebcc354
SHA256: e691ec947eca2d0cceec93a841a639238c1a69f96860fcbcd864c59a36dfac58
SHA512: 1c3d3a571f8eb4225bdd16b729663f3cca8b373f09e607b032641c1adedd0af3b34f0b3b9cb90a54c89afd761ec6d0d8ee88d6b8dcc05117b84341702dbe0fca
SSDEEP: 96:OfGUTjV1Cs/61o2AlTYHSJ+A2BqtmWQHtEkOCJjVEIBRxzNt:OfT/V1Zxl32IcWQHzOCjJ/T
Static task: static1
Behavioral task: behavioral1 (Sample: Hzgbdtv.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: Hzgbdtv.exe; Resource: win10v2004-20221111-en)
Malware Config
Extracted family: snakekeylogger
Exfiltration endpoint (Telegram Bot API; the bot token is embedded in the URL path and chat_id identifies the receiving account): https://api.telegram.org/bot5824924248:AAF4WKjJ8FxpNsC2HwCM114EP_g8rFkC4wQ/sendMessage?chat_id=2054148913
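The Telegram Bot API URL above is the only network indicator in the extracted config. As an added example (not the sandbox's or the malware's own code), the Python below parses such a URL into bot id, token secret, method and chat_id, and runs that matcher over a few proxy-log lines. Only the URL itself is taken from the report; the log format, the client addresses and the second bot token are constructed for illustration.

```python
"""IOC helpers for the Snake Keylogger config above.

Added example, not the sandbox's or the malware author's code. Only
EXTRACTED_C2 comes from the report; the proxy log lines and the second bot
token in them are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Exfiltration URL from the extracted config (report above).
EXTRACTED_C2 = (
    "https://api.telegram.org/bot5824924248:"
    "AAF4WKjJ8FxpNsC2HwCM114EP_g8rFkC4wQ/sendMessage?chat_id=2054148913"
)

# Bot API paths are /bot<token>/<method>; the token is "<numeric bot id>:<secret>",
# so the bot identity and its credential both travel in the URL path.
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")

# Constructed proxy log format: "<timestamp> <client> <verb> <url> <status>".
_LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<verb>\S+) (?P<url>\S+) (?P<status>\d+)$")


@dataclass(frozen=True)
class TelegramBotIOC:
    bot_id: str
    secret: str      # the bot token secret; treat as a credential, do not reuse it
    method: str      # Bot API method, e.g. sendMessage / sendDocument
    chat_id: Optional[str]

    def defanged(self) -> str:
        """IOC string with the token secret removed, safe to paste into a ticket."""
        return f"api.telegram[.]org/bot{self.bot_id}:<redacted>/{self.method} chat_id={self.chat_id}"


def parse_telegram_bot_url(url: str) -> Optional[TelegramBotIOC]:
    """Return bot id, token secret, method and chat_id, or None if the URL is not
    a Telegram Bot API call (plain telegram.org browsing is not flagged)."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if m is None:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return TelegramBotIOC(m["bot_id"], m["secret"], m["method"], chat_id)


def find_telegram_bot_traffic(log_text: str, known_bot_ids=()) -> List[Dict[str, object]]:
    """Scan proxy log lines for Bot API calls. Every hit deserves triage; hits
    whose bot id is in known_bot_ids tie directly back to this sample's config."""
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = _LOG_LINE.match(line)
        if m is None:
            continue
        ioc = parse_telegram_bot_url(m["url"])
        if ioc is None:
            continue
        hits.append({
            "ts": m["ts"],
            "client": m["client"],
            "ioc": ioc,
            "known_sample_c2": ioc.bot_id in known_bot_ids,
        })
    return hits


# Constructed sample log (not from the sandbox run); the second bot token is fake.
SAMPLE_PROXY_LOG = f"""\
2023-01-27T10:01:02Z 10.0.0.15 GET https://www.microsoft.com/ 200
2023-01-27T10:01:09Z 10.0.0.15 GET {EXTRACTED_C2} 200
2023-01-27T10:02:44Z 10.0.0.22 POST https://api.telegram.org/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendDocument?chat_id=42 200
2023-01-27T10:03:01Z 10.0.0.31 GET https://telegram.org/ 200
"""

if __name__ == "__main__":
    sample_ioc = parse_telegram_bot_url(EXTRACTED_C2)
    print("sample C2:", sample_ioc.defanged())
    for hit in find_telegram_bot_traffic(SAMPLE_PROXY_LOG, known_bot_ids={sample_ioc.bot_id}):
        tag = "KNOWN SAMPLE C2" if hit["known_sample_c2"] else "other bot"
        print(hit["ts"], hit["client"], hit["ioc"].defanged(), tag)
```

The matcher keys on the `/bot<id>:<secret>/<method>` path shape rather than on this sample's token, so it also surfaces other bots abusing the same channel; the bot id is the stable part worth pivoting on, while the secret should be handled as a leaked credential rather than reused.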
Targets
Target: Hzgbdtv.exe
Size: 7KB
MD5: 13f56221e7b4ef51feaa422a92804aaf
SHA1: c0dc841f1683b4588106ab80e46e7767cebcc354
SHA256: e691ec947eca2d0cceec93a841a639238c1a69f96860fcbcd864c59a36dfac58
SHA512: 1c3d3a571f8eb4225bdd16b729663f3cca8b373f09e607b032641c1adedd0af3b34f0b3b9cb90a54c89afd761ec6d0d8ee88d6b8dcc05117b84341702dbe0fca
SSDEEP: 96:OfGUTjV1Cs/61o2AlTYHSJ+A2BqtmWQHtEkOCJjVEIBRxzNt:OfT/V1Zxl32IcWQHzOCjJ/T
- Detect PureCrypter injector
- PureCrypter: a .NET malware loader first seen in early 2021.
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles (consistent with Snake Keylogger's harvesting of saved mail-client credentials).
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (the API injectors commonly use to redirect a suspended thread's entry point into a written payload, i.e. process hollowing; consistent with the PureCrypter injector detection above).