General
Target: INV-00289202.exe
Size: 289KB
Sample: 230328-gzbmzahc66
MD5: 5a1cdfd26e4afd8433348e47b287882c
SHA1: af031bb897a71ce50907c77e2fc7518c60c80598
SHA256: 3355b6fac696f3aad246fd34404a407dd9a7945f540537ec695bb1cb75c337c0
SHA512: 009d9eba87e13a9b4db8ee043dbc3ac3565add30a86b7b926b911a773d6d2817a9525e9fceb5b6e330b849ebf1a0f22fb992b58a111e5833224e57ac375b853c
SSDEEP: 6144:bYa6/lP1OjJvVJMdhINFE/MWfwfQJwwxCNfqp+a0meiesqRIvVzcc:bYllPkjVVOdhINFBk1wobvMoD
Static task: static1
Behavioral task: behavioral1
Sample: INV-00289202.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: INV-00289202.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted family: snakekeylogger
Exfiltration endpoint (Telegram Bot API): https://api.telegram.org/bot6180860165:AAH5meoxRqYOnd7z0M_zkiqQ7pmOf_hbrUY/sendMessage?chat_id=6077046490
Targets
Target: INV-00289202.exe
Size: 289KB
MD5: 5a1cdfd26e4afd8433348e47b287882c
SHA1: af031bb897a71ce50907c77e2fc7518c60c80598
SHA256: 3355b6fac696f3aad246fd34404a407dd9a7945f540537ec695bb1cb75c337c0
SHA512: 009d9eba87e13a9b4db8ee043dbc3ac3565add30a86b7b926b911a773d6d2817a9525e9fceb5b6e330b849ebf1a0f22fb992b58a111e5833224e57ac375b853c
SSDEEP: 6144:bYa6/lP1OjJvVJMdhINFE/MWfwfQJwwxCNfqp+a0meiesqRIvVzcc:bYllPkjVVOdhINFBk1wobvMoD
Score: 10/10
Signatures:
Snake Keylogger payload
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext