General
Target: Swift Copy.exe
Size: 758KB
Sample: 230327-yemyyafa27
MD5: 97dda9477c75520715b9f892bb9dbcda
SHA1: 5f808069589336be86d65ddd34d0301af0331e8b
SHA256: 53186731a63a71683ff6672b8fad44b2d8df96dd8c11b9817eb2a37422d65860
SHA512: 22bf5d7b2c1e7cbee80b1e33c33c65a604ff6538a6b9b742d7aab47ffb8c8e0f3b288e41757df1c59ce7f5be6c94527b278ecc7dfaf1911baa125f75da7a2ccc
SSDEEP: 12288:td7w9YO/R3rM52Wi/ODakc2MJR2Mh/SGLuYj26wH6Mulz4fr5TtiGELCAEgiV5xg:Dw9YOqg/ODFYR5tLDj261Mulqr5Tw3Vg
Static task: static1
Behavioral task: behavioral1
  Sample: Swift Copy.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Swift Copy.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6284958682:AAFqhG3qHKFjAq48ezySmL8vRDzlw2Jx9s8/sendMessage?chat_id=5636036075
Targets
Target: Swift Copy.exe
Size: 758KB
MD5: 97dda9477c75520715b9f892bb9dbcda
SHA1: 5f808069589336be86d65ddd34d0301af0331e8b
SHA256: 53186731a63a71683ff6672b8fad44b2d8df96dd8c11b9817eb2a37422d65860
SHA512: 22bf5d7b2c1e7cbee80b1e33c33c65a604ff6538a6b9b742d7aab47ffb8c8e0f3b288e41757df1c59ce7f5be6c94527b278ecc7dfaf1911baa125f75da7a2ccc
SSDEEP: 12288:td7w9YO/R3rM52Wi/ODakc2MJR2Mh/SGLuYj26wH6Mulz4fr5TtiGELCAEgiV5xg:Dw9YOqg/ODFYR5tLDj261Mulqr5Tw3Vg
Score: 10/10
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext