General
- Target: Swift Copy.zip
- Size: 712KB
- Sample: 230327-snbpdaea56
- MD5: df3cabdc3118917bee6963867fc39893
- SHA1: acb4f5d46da439907a89f6bd34dbb520f7e5e401
- SHA256: 8da2351abef14c9b2537c3e3d94b5c23ef9f5f3b4fb884bc99d42c7ad09493b4
- SHA512: 0b26ddeaee5142181060d9314adb8d61c22afe097ff2e028523b7ab49778017b789495bdf150d224d58b1f9e0396428dcbae4156ed33ab08d03730d157134f64
- SSDEEP: 12288:yeMAGqrOB93rMR2Wi/O5ak02MJRGMb/SGLYYJ2YwHmMulZefr5TFiGULCAEgih52:yeBXrOQ8/O5FwRHtLtJ2YTMulyr5TYVd
Static task
- static1
Behavioral task
- behavioral1: Sample Swift Copy.exe, Resource win7-20230220-en
Behavioral task
- behavioral2: Sample Swift Copy.exe, Resource win10v2004-20230220-en
Malware Config
Extracted
- Family: snakekeylogger
- Exfiltration URL: https://api.telegram.org/bot6284958682:AAFqhG3qHKFjAq48ezySmL8vRDzlw2Jx9s8/sendMessage?chat_id=5636036075
Targets
- Target: Swift Copy.exe
- Size: 758KB
- MD5: 97dda9477c75520715b9f892bb9dbcda
- SHA1: 5f808069589336be86d65ddd34d0301af0331e8b
- SHA256: 53186731a63a71683ff6672b8fad44b2d8df96dd8c11b9817eb2a37422d65860
- SHA512: 22bf5d7b2c1e7cbee80b1e33c33c65a604ff6538a6b9b742d7aab47ffb8c8e0f3b288e41757df1c59ce7f5be6c94527b278ecc7dfaf1911baa125f75da7a2ccc
- SSDEEP: 12288:td7w9YO/R3rM52Wi/ODakc2MJR2Mh/SGLuYj26wH6Mulz4fr5TtiGELCAEgiV5xg:Dw9YOqg/ODFYR5tLDj261Mulqr5Tw3Vg
Score: 10/10
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext