General
- Target: REQUEST FOR A QUOTATION 410656.exe
- Size: 283KB
- Sample: 230328-gzbyqsba9t
- MD5: 05791124cd0377ff045ba96a88642f3a
- SHA1: c71656fb59ab2d5b2693c60105731e8b3e8ba726
- SHA256: 658fced362ebd1582c4153f5e79d7df430ba5f36c1cc1ea8d8281641b4f9f78d
- SHA512: e8fbee3d1299678028d5f543028c64ed46f5079739f915767692ddb7e61c68582473424a288d8dd8c6af73cb1af5d8a918d4fa09aa74c37bf5fa4e4a69d38b2e
- SSDEEP: 6144:vYa6AIGzreANtyDjZT3W01EKvzuMkEno34/5ZvRS:vYWIGzrOjJmSnJ5ZvQ
Static task: static1
Behavioral task: behavioral1
- Sample: REQUEST FOR A QUOTATION 410656.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: REQUEST FOR A QUOTATION 410656.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted family: snakekeylogger
- Telegram Bot API endpoint: https://api.telegram.org/bot6160036640:AAHqrAdmG4_GQkcLvxoups3k8WSEUC34w1g/sendMessage?chat_id=2052461776
Targets
Score: 10/10
- Snake Keylogger payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext