General

Target: SOA..exe
Size: 283KB
Sample: 230328-gzbyqshc68
MD5: 2fb4a6541352bc6ddef8ac5751572cca
SHA1: 0b256d3a9439252035f92280d359be04c176fc0a
SHA256: d7c2fe9485b6c29fb527f162ecfdd6724db6fd1abca5ce08582e2860e998b3be
SHA512: 936486109ef67313a1d2c03a360ba430c979bab6f9235ca847d7788c67e88639baad471468491f749cc8370e00f1c04151578eebbc8b33a41727c9f9c3ba4782
SSDEEP: 6144:/Ya6dRGROV5Ap2Jv7FVnXGgerSZLaPPGQbS8pZEpLjimuL1XTJ66fC2nlkQ2G:/YDRG4bjjXG7rSeP+8pZEVWmW1DJ665V
Tasks

Static task: static1
Behavioral task: behavioral1 (Sample: SOA..exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: SOA..exe; Resource: win10v2004-20230220-en)
Malware Config

Extracted family: snakekeylogger
Exfiltration endpoint (Telegram Bot API): https://api.telegram.org/bot6112875567:AAELAi1dztc_XKpDFEg1a1IG01250o2gxXs/sendMessage?chat_id=5687933537

The URL is the operator's exfiltration channel, not a download location: the path carries the bot token (bot id 6112875567 plus its secret) and the query string carries the destination chat_id 5687933537. Snake Keylogger builds support SMTP, FTP and Telegram delivery; this configuration uses Telegram, so stolen data leaves the host as ordinary HTTPS to api.telegram.org. The bot id and chat_id are the stable, shareable indicators; the secret should be treated as a credential and redacted in anything distributed.
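The extracted configuration above is the only network indicator the report gives. The following is an added example, not part of the Triage report and not code from the malware: it validates the URL as a Telegram Bot API sendMessage call, splits it into the pieces worth sharing (bot id, chat id, redacted token) and classifies constructed proxy-log lines against it. The proxy-log format, the second bot id and the token-length bound are assumptions made for the example.

```python
"""Turn a Snake Keylogger Telegram exfil URL into shareable IOCs and a log matcher."""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# The exfiltration URL Triage extracted from this sample's configuration.
EXTRACTED_C2 = (
    "https://api.telegram.org/bot6112875567:AAELAi1dztc_XKpDFEg1a1IG01250o2gxXs"
    "/sendMessage?chat_id=5687933537"
)

# Bot API paths look like /bot<numeric id>:<secret>/<method>. The 30-50 secret length
# bound is an assumption that fits currently issued tokens, not a Telegram specification.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,50})/(?P<method>\w+)$"
)


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    secret: str
    method: str
    chat_id: str


def parse_telegram_c2(url: str) -> TelegramC2:
    """Validate and decompose a Telegram Bot API exfil URL; raise on anything else."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc.lower() != "api.telegram.org":
        raise ValueError(f"not a Telegram Bot API URL: {url!r}")
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        raise ValueError(f"unexpected Bot API path: {parts.path!r}")
    chat_id = parse_qs(parts.query).get("chat_id", [""])[0]
    # Group and channel chat ids are negative, so a leading '-' is legitimate.
    if not chat_id.lstrip("-").isdigit():
        raise ValueError(f"missing or malformed chat_id in {url!r}")
    return TelegramC2(m["bot_id"], m["secret"], m["method"], chat_id)


def iocs(c2: TelegramC2) -> dict:
    """Defanged, shareable indicators; the secret is redacted to its first four characters."""
    return {
        "host": "api[.]telegram[.]org",
        "bot_id": c2.bot_id,
        "chat_id": c2.chat_id,
        "method": c2.method,
        "url": (
            f"hxxps://api[.]telegram[.]org/bot{c2.bot_id}:{c2.secret[:4]}[REDACTED]"
            f"/{c2.method}?chat_id={c2.chat_id}"
        ),
    }


# Constructed proxy-log lines for the example, '<ts> <src_ip> <verb> <host> <path>'.
# Line 1 reuses the sample's real endpoint; the bot on line 3 is invented.
SAMPLE_PROXY_LOG = [
    "2023-03-28T10:02:11Z 10.0.0.14 POST api.telegram.org "
    "/bot6112875567:AAELAi1dztc_XKpDFEg1a1IG01250o2gxXs/sendMessage?chat_id=5687933537",
    "2023-03-28T10:05:42Z 10.0.0.22 GET www.example.com /index.html",
    "2023-03-28T10:07:03Z 10.0.0.31 POST api.telegram.org "
    f"/bot4242424242:{'B' * 35}/sendMessage?chat_id=-1001234",
]


def match_proxy_log(lines, c2: TelegramC2):
    """Return (line_number, verdict): 'exact' for this sample's bot id, 'generic' for any
    other Bot API sendMessage, which still deserves a look from hosts with no reason to
    talk to Telegram."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) != 5:
            continue
        _ts, _src, _verb, host, path = fields
        if host.lower() != "api.telegram.org":
            continue
        if path.startswith(f"/bot{c2.bot_id}:"):
            hits.append((n, "exact"))
        elif BOT_PATH_RE.match(path.split("?", 1)[0]) and "/sendMessage" in path:
            hits.append((n, "generic"))
    return hits


if __name__ == "__main__":
    c2 = parse_telegram_c2(EXTRACTED_C2)
    print(iocs(c2))
    print(match_proxy_log(SAMPLE_PROXY_LOG, c2))
```

The split between "exact" and "generic" is deliberate: the bot id pins this campaign, while any sendMessage call from an endpoint fleet that has no Telegram use is a cheap hunting query regardless of which keylogger produced it.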
Targets

Target: SOA..exe
Score: 10/10

Signatures:
- Snake Keylogger payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles. Snake Keylogger harvests saved mail-client credentials, and the Outlook profile data under the current user's registry hive is where those account settings live.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP. The lookup is benign traffic on its own; stealers include the result in the exfiltrated report so the operator can place the victim, and it only becomes meaningful alongside the other signatures.
- Suspicious use of SetThreadContext. SetThreadContext rewrites another thread's register state; combined with a child process started suspended and WriteProcessMemory into it, it is the classic process hollowing (RunPE) step that lets a dropper run its payload under another process's image. The report records the API use, not which process was targeted.
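The SetThreadContext signature fires on a single API, not on a full injection sequence. As an added example (not the sandbox's own detection logic and not taken from this report), here is the sequence check an analyst runs over an API trace to decide whether a SetThreadContext call is the hollowing step: a child created with CREATE_SUSPENDED, its memory overwritten, its primary thread's context replaced, then the thread resumed. The trace, its pids and tids and the image names are constructed placeholders; the API names are the documented Win32 and Nt calls for each step.

```python
"""Sequence check for process hollowing over a sandbox-style API trace."""
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed trace in (caller_pid, api, args) call order. Not from the report;
# pids, tids and image paths are placeholders.
CONSTRUCTED_TRACE = [
    (4120, "CreateProcessW", {"image": "C:\\Users\\u\\AppData\\Local\\Temp\\child.exe",
                              "flags": CREATE_SUSPENDED, "pid": 5200, "tid": 5204}),
    (4120, "NtUnmapViewOfSection", {"pid": 5200}),
    (4120, "WriteProcessMemory", {"pid": 5200, "size": 0x4A000}),
    (4120, "SetThreadContext", {"tid": 5204}),
    (4120, "ResumeThread", {"tid": 5204}),
    # A suspended child that is only resumed: the ordinary launcher pattern, not hollowing.
    (4120, "CreateProcessW", {"image": "C:\\Program Files\\app\\helper.exe",
                              "flags": CREATE_SUSPENDED, "pid": 5300, "tid": 5304}),
    (4120, "ResumeThread", {"tid": 5304}),
    # SetThreadContext on a thread that is not a suspended child: outside this check.
    (4120, "SetThreadContext", {"tid": 4124}),
]


@dataclass
class SuspendedChild:
    caller: int
    pid: int
    image: str
    memory_written: bool = False
    context_replaced: bool = False


def find_process_hollowing(trace):
    """Return one finding per child resumed after its memory was overwritten and its
    thread context replaced while it sat suspended. Order matters: a context swap that
    precedes any write into the child is not counted."""
    by_tid = {}
    by_pid = {}
    findings = []
    for caller, api, a in trace:
        if api.startswith("CreateProcess") and a.get("flags", 0) & CREATE_SUSPENDED:
            child = SuspendedChild(caller, a["pid"], a["image"])
            by_tid[a["tid"]] = child
            by_pid[a["pid"]] = child
        elif api in ("WriteProcessMemory", "NtWriteVirtualMemory") and a.get("pid") in by_pid:
            by_pid[a["pid"]].memory_written = True
        elif api in ("SetThreadContext", "NtSetContextThread") and a.get("tid") in by_tid:
            child = by_tid[a["tid"]]
            if child.memory_written:
                child.context_replaced = True
        elif api in ("ResumeThread", "NtResumeThread") and a.get("tid") in by_tid:
            child = by_tid.pop(a["tid"])
            by_pid.pop(child.pid, None)
            if child.context_replaced:
                findings.append({"injector_pid": child.caller, "hollowed_pid": child.pid,
                                 "image": child.image, "technique": "process hollowing"})
    return findings


if __name__ == "__main__":
    for f in find_process_hollowing(CONSTRUCTED_TRACE):
        print(f)
```

Keying state on the suspended child's thread id rather than on the bare API name is what keeps the legitimate launcher in the trace (create suspended, resume) and the unrelated SetThreadContext call out of the findings.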