General
-
Target
Purchase Order.exe
-
Size
754KB
-
Sample
230328-gzbmzaba8z
-
MD5
618bcea5b2abf922de2e342ce0714378
-
SHA1
ae73bf3a57ba8f081ae2d37ae903d073772bd48e
-
SHA256
3d31416fc1abd53a89b8e7f61a3a4a392be2c1a2a8947562a58504b9e6300be0
-
SHA512
3f0de2fef6e4ae8a0e3f3f8714065e21da32924cf94d5516b2bcee26b32b8d4c711d6d84b2361500977330022d134ea4f42af2bd4d1426421d5cc1a878f793eb
-
SSDEEP
12288:D3fKdJVZz5dz9sWJxt0kq4WVJXo7WUZmxLY4WDPr9vfquA5JcqAVC4SrMLkCL1S:DMVZ9824AiXqbsdWDP5nzAXhAURikCLs
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6028065759:AAGXMc8NHPy2_lXiMVsOvq8DgefjK4ifT-U/sendMessage?chat_id=5069697890
Targets
-
-
Target
Purchase Order.exe
-
Size
754KB
-
MD5
618bcea5b2abf922de2e342ce0714378
-
SHA1
ae73bf3a57ba8f081ae2d37ae903d073772bd48e
-
SHA256
3d31416fc1abd53a89b8e7f61a3a4a392be2c1a2a8947562a58504b9e6300be0
-
SHA512
3f0de2fef6e4ae8a0e3f3f8714065e21da32924cf94d5516b2bcee26b32b8d4c711d6d84b2361500977330022d134ea4f42af2bd4d1426421d5cc1a878f793eb
-
SSDEEP
12288:D3fKdJVZz5dz9sWJxt0kq4WVJXo7WUZmxLY4WDPr9vfquA5JcqAVC4SrMLkCL1S:DMVZ9824AiXqbsdWDP5nzAXhAURikCLs
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-