General
Target: swift copy.exe
Size: 159KB
Sample: 230302-nk1f4scc8t
MD5: a05dab3d9ba8ee173ad40f31f0fa340a
SHA1: 4c5edd5d59c7a3b79b148e3e2b91271f7364e9ac
SHA256: 5020d7b12b16dc94b7850fd3e25189e2a5181657456c3322bc2168017f0d067d
SHA512: 2135a9525edb31514a624efb62d1aeb8c4c0359caabe6e6b1eee7754ed92e6491e633861308dde58ed4961e1e5e0e3fc8068d00e0062a11f853c1f2f6d396c92
SSDEEP: 768:dukr+M0fV7RW1JbUGmp7NxryR27zAFEzD/xworhq:duke7RAJu7vryR2XSWwOhq
Behavioral tasks
behavioral1: swift copy.exe, run on win7-20230220-en
behavioral2: swift copy.exe, run on win10v2004-20230220-en
Malware Config
Extracted (purecrypter), next-stage download URL: http://192.3.26.135/uo/Qjryxyrtsm.dat
Extracted (snakekeylogger), Telegram Bot API exfiltration endpoint: https://api.telegram.org/bot5842658268:AAFa1TIZBWvKq67mLd-pTMwvO6MhstGffX8/sendMessage?chat_id=6202719269
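The two extracted strings are the loader's download URL and the keylogger's exfiltration endpoint. The Python below is an added example for this page, not Triage's config extractor and not code from the sample: it normalises both strings into IOC records (defanged URL, host/port/path/filename for the payload server, bot id, method and chat_id for the Telegram endpoint) entirely offline, never contacting either address. The (family, URL) pairs are copied from the report above; the record field names and the defanging convention are this example's own choices.

```python
"""Normalise the two config strings Triage extracted from this sample into IOC
records. Added example for this page: not Triage's extractor and not code from
the malware. Everything is parsed offline; nothing here touches the network.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed input: the (family, value) pairs copied from the Malware Config
# section of this report.
EXTRACTED = [
    ("purecrypter", "http://192.3.26.135/uo/Qjryxyrtsm.dat"),
    ("snakekeylogger",
     "https://api.telegram.org/bot5842658268:AAFa1TIZBWvKq67mLd-pTMwvO6MhstGffX8"
     "/sendMessage?chat_id=6202719269"),
]

# Telegram Bot API shape: /bot<bot_id>:<secret>/<method>. The numeric bot_id
# identifies the bot on its own, so a report never needs the full secret.
TELEGRAM_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)"
    r"/(?P<method>[A-Za-z]+)"
)


def defang(url: str) -> str:
    """Make a URL safe to paste into a ticket: http -> hxxp, '.' in host -> '[.]'."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp")
    host = p.netloc.replace(".", "[.]")
    rest = p.path + (f"?{p.query}" if p.query else "")
    return f"{scheme}://{host}{rest}"


def parse_telegram_exfil(family: str, url: str) -> Optional[Dict]:
    """Split a Telegram Bot API exfil URL into bot id, method and chat id."""
    m = TELEGRAM_RE.match(url)
    if not m:
        return None
    chat = parse_qs(urlsplit(url).query).get("chat_id", [None])[0]
    return {
        "family": family,
        "kind": "exfil",
        "host": "api.telegram.org",
        "bot_id": m["bot_id"],
        "secret_prefix": m["secret"][:4] + "...",   # enough to recognise, not to use
        "method": m["method"],
        "chat_id": chat,
        "defanged": defang(url),
    }


def parse_payload_url(family: str, url: str) -> Dict:
    """Treat any other extracted URL as a download location for the next stage."""
    p = urlsplit(url)
    return {
        "family": family,
        "kind": "payload",
        "host": p.hostname,
        "port": p.port or (443 if p.scheme == "https" else 80),
        "path": p.path,
        "filename": p.path.rsplit("/", 1)[-1],
        "defanged": defang(url),
    }


def extract_iocs(pairs: List[tuple]) -> List[Dict]:
    """Classify each (family, url) pair: Telegram endpoints first, anything else as payload."""
    out = []
    for family, url in pairs:
        rec = parse_telegram_exfil(family, url) or parse_payload_url(family, url)
        out.append(rec)
    return out


if __name__ == "__main__":
    for rec in extract_iocs(EXTRACTED):
        print(rec["family"], rec["kind"], rec["host"], rec["defanged"])
```

The Telegram URL embeds a complete bot token; whoever holds it can call the Bot API as that bot, so handle it as a credential (record only the bot id and chat id in tickets and chat) and do not fetch either URL from an attributable network.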
Targets
Target: swift copy.exe, 159KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021; its extracted config here is the URL above from which it fetches and decrypts the next stage.
Snake Keylogger payload
The delivered second stage is identified as Snake Keylogger, a .NET keylogger and credential stealer; its extracted config is the Telegram Bot API endpoint above, used to send stolen data.
Checks computer location settings
Looks up the country code configured in the registry (the Nation value under HKCU\Control Panel\International\Geo), likely a geofence so the sample can bail out on certain locales.
Accesses Microsoft Outlook profiles
Reads the Outlook profile keys under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, where saved mail account settings and credentials are stored; consistent with the stealer component.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which stealers typically include in the reports they exfiltrate.
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the hallmark of process hollowing (create a host process suspended, write the payload into it, point the thread at the payload's entry, resume). For a loader like PureCrypter this is consistent with running the decrypted payload inside a legitimate-looking host process.
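Each of the four behavioural signatures above keys on a single observable. As an added example, not Triage's signature engine and not code from the sample, the Python below re-creates them as rules over a sandbox-style API trace. The trace, the API names and argument shapes, and the placeholder hollowing target image are constructed for the example (the report does not say which process was hollowed); the SetThreadContext rule is deliberately narrower than a bare API hit and fires only when the target thread belongs to a process the caller created suspended and then wrote into.

```python
"""Re-create the four behavioural signatures above as rules over a sandbox-style
API trace. Added example for this page: not Triage's signature engine and not
code from the sample. The trace below is constructed to exercise each rule and
the hollowing target image in it is a placeholder, not something the report states.
"""
from typing import List, Tuple
from urllib.parse import urlsplit

CREATE_SUSPENDED = 0x00000004   # dwCreationFlags bit in CreateProcess*

# Public "what is my IP" services commonly seen in stealer traffic.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}

Event = Tuple[int, str, dict]   # (caller pid, API name, arguments)

# Constructed trace (not from the report): pid 1000 is the sample.
SAMPLE_TRACE: List[Event] = [
    (1000, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    (1000, "RegOpenKeyExW", {"key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"}),
    (1000, "InternetOpenUrlA", {"url": "http://checkip.dyndns.org/"}),
    (1000, "CreateProcessW", {"image": r"C:\placeholder\host.exe", "flags": CREATE_SUSPENDED,
                              "child_pid": 2000, "child_tid": 2001}),
    (1000, "NtUnmapViewOfSection", {"target_pid": 2000}),
    (1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x2A000}),
    (1000, "SetThreadContext", {"target_tid": 2001}),
    (1000, "ResumeThread", {"target_tid": 2001}),
]


def checks_location_settings(trace: List[Event]) -> bool:
    """Read of the GeoID stored under Control Panel\\International\\Geo, value Nation."""
    for _, api, a in trace:
        if api.startswith("RegQueryValue") and a.get("value", "").lower() == "nation" \
                and a.get("key", "").lower().endswith(r"\international\geo"):
            return True
    return False


def accesses_outlook_profiles(trace: List[Event]) -> bool:
    """Any registry open/read touching an Outlook Profiles key."""
    return any(api.startswith(("RegOpenKey", "RegQueryValue"))
               and r"\outlook\profiles" in a.get("key", "").lower()
               for _, api, a in trace)


def external_ip_lookup(trace: List[Event]) -> bool:
    """Any URL whose host is a known public IP-echo service."""
    return any(urlsplit(a.get("url", "")).hostname in IP_LOOKUP_HOSTS for _, _api, a in trace)


def suspicious_set_thread_context(trace: List[Event]) -> bool:
    """Only SetThreadContext on a thread of a process the caller created suspended
    and then wrote into counts: that ordering is process hollowing, whereas a
    debugger or runtime also calls SetThreadContext on its own threads."""
    suspended = {}   # (creator pid, child pid) -> child's primary tid
    written = set()  # (creator pid, child pid) that received WriteProcessMemory
    for pid, api, a in trace:
        if api.startswith("CreateProcess") and a.get("flags", 0) & CREATE_SUSPENDED:
            suspended[(pid, a["child_pid"])] = a["child_tid"]
        elif api == "WriteProcessMemory" and (pid, a.get("target_pid")) in suspended:
            written.add((pid, a["target_pid"]))
        elif api == "SetThreadContext":
            for key, tid in suspended.items():
                if key[0] == pid and tid == a.get("target_tid") and key in written:
                    return True
    return False


SIGNATURES = [
    ("Checks computer location settings", checks_location_settings),
    ("Accesses Microsoft Outlook profiles", accesses_outlook_profiles),
    ("Looks up external IP address via web service", external_ip_lookup),
    ("Suspicious use of SetThreadContext", suspicious_set_thread_context),
]


def run_signatures(trace: List[Event]) -> dict:
    """Evaluate every rule and return {signature name: hit}."""
    return {name: rule(trace) for name, rule in SIGNATURES}


if __name__ == "__main__":
    for name, hit in run_signatures(SAMPLE_TRACE).items():
        print(("HIT " if hit else "    ") + name)
```

Real sandbox traces carry handles rather than resolved pids and tids, so a production rule has to join CreateProcess output handles to later WriteProcessMemory and SetThreadContext arguments; the constructed trace skips that step to keep the ordering logic visible.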