General

Target: 81bf7194541beae3d3878600b63e5753.bin
Size: 406KB
Sample: 230505-w7x89sdg68
MD5: b39be69b4a0d8d99367e6f41bae35121
SHA1: 3e0a61c3bf29d07ebb5ec2d653796f205f049c02
SHA256: f569fb20b7b098896bb88a8ad460ad1b847ed9b9a43cc7e577eca2d5de80ab20
SHA512: e0bbd6688527dd02f0ab32c2b62afbc9f86bfc425ae408504a510cfeda70e13f4dc52e054990ff57316edda068e0b1524e668594e3886a8f02f4671a65ca23b0
SSDEEP: 12288:M3INNuj+l+J+Li9P7mrxMK2oJG74A9WrgbP:MEuWf+MrKKxG744vT
Static task: static1

Behavioral task: behavioral1
  Sample: 201a70eaa336c001f0573d3a2915e2c372df418bbf27c8729b30e4b08da2e8c9.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: 201a70eaa336c001f0573d3a2915e2c372df418bbf27c8729b30e4b08da2e8c9.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted: snakekeylogger
Telegram Bot API URL (exfiltration endpoint): https://api.telegram.org/bot5435719278:AAFkA_rGsUomupSCBqIPHcOBw0iPF0KuOG0/sendMessage?chat_id=5666881718
Targets

Target: 201a70eaa336c001f0573d3a2915e2c372df418bbf27c8729b30e4b08da2e8c9.exe
Size: 584KB
MD5: 81bf7194541beae3d3878600b63e5753
SHA1: 67ce7c1ace75ee46b8ce83feedaef37c1f0a59a2
SHA256: 201a70eaa336c001f0573d3a2915e2c372df418bbf27c8729b30e4b08da2e8c9
SHA512: 09b0a2ec5ce3ffac0705cf27973da0a26ed45eaef2893dc25fdc43b102219f0bbc768d50ac8ca5fdfac32af1cf5777bf74e6bd72a4543baa1bd2fd607473f4ee
SSDEEP: 6144:LMZIXrvWfZJpKtHrnI9Dw17I+Ic5T1LxHE8CZV8m+oNRJOO2jRq2E71lOWMqp7t/:e+nIm7I+TRVCEm+oX52RIxlH7tUFu
Signatures
- Snake Keylogger payload
- StormKitty payload (Snake Keylogger reuses code from the open-source StormKitty stealer, so both rules matching one binary is expected and does not indicate two separate infections)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles (where stored mail account credentials are kept)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so the request itself looks benign in proxy logs and should be correlated with the other signatures rather than treated as malicious on its own.
- Suspicious use of SetThreadContext (commonly seen with process hollowing and similar injection, where a suspended process's thread context is rewritten to run injected code)
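The extracted Telegram URL and the behavioral signatures above are the actionable parts of this report. The following is an added example, not code from the sandbox or from the malware: it parses the Telegram Bot API URL into pivotable fields (bot id, token, chat id) and then matches those fields, together with the report's "IP lookup service" and "country code in the registry" behaviors, against constructed Sysmon-style events. The event schema, the list of IP-lookup hosts and the `Geo\Nation` registry value are this example's assumptions; the report does not name a specific service or key.

```python
"""Added example (not part of the sandbox report): turn the extracted Snake
Keylogger config above into IOCs and match them, together with the report's
behavioral signatures, against constructed Sysmon-style events."""
import re
from urllib.parse import parse_qs, urlsplit

# The Telegram Bot API URL exactly as the report extracted it.
EXTRACTED_C2 = (
    "https://api.telegram.org/bot5435719278:AAFkA_rGsUomupSCBqIPHcOBw0iPF0KuOG0"
    "/sendMessage?chat_id=5666881718"
)

# Telegram bot tokens are "<numeric bot id>:<secret>"; the API path is /bot<token>/<method>.
BOT_PATH_RE = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into pivotable fields, or None if it is not one.

    bot_id survives token rotation and chat_id identifies the receiving account,
    so both are better long-term pivots than the full URL.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    chat = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "host": parts.hostname,
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": chat,
    }


# Assumptions, not from the report: it only says "a legitimate IP lookup service"
# and "country code configured in the registry". These are the hosts and the
# registry value this example chooses to match.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "icanhazip.com"}
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)


def scan_events(events, iocs):
    """Return [(index, rule_name)] hits over a constructed event schema.

    Each event is a dict with "type" of "dns" (key "query"), "http" (key "url")
    or "registry_read" (key "value_path"). The schema is invented for this example.
    """
    hits = []
    for i, ev in enumerate(events):
        t = ev.get("type")
        if t == "dns":
            q = ev.get("query", "").lower()
            if q == iocs["host"]:
                hits.append((i, "telegram_api_dns"))
            elif q in IP_LOOKUP_HOSTS:
                hits.append((i, "external_ip_lookup"))
        elif t == "http":
            c2 = parse_telegram_c2(ev.get("url", ""))
            if c2 and (c2["bot_id"] == iocs["bot_id"] or c2["chat_id"] == iocs["chat_id"]):
                hits.append((i, "telegram_exfil_known_bot"))   # same bot or same chat, any method
            elif c2:
                hits.append((i, "telegram_bot_api_other"))     # Bot API use by an unrelated bot
        elif t == "registry_read" and GEO_NATION_RE.search(ev.get("value_path", "")):
            hits.append((i, "geo_nation_lookup"))
    return hits


# Constructed sample events, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "registry_read", "value_path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "dns", "query": "checkip.dyndns.org"},
    {"type": "dns", "query": "api.telegram.org"},
    {"type": "http", "url": "https://api.telegram.org/bot5435719278:rotatedSecret_1/sendDocument?chat_id=5666881718"},
    {"type": "http", "url": "https://api.telegram.org/bot111:unrelatedBot/getMe"},
    {"type": "dns", "query": "www.microsoft.com"},
]

if __name__ == "__main__":
    iocs = parse_telegram_c2(EXTRACTED_C2)
    print(iocs)
    for idx, rule in scan_events(SAMPLE_EVENTS, iocs):
        print(idx, rule, SAMPLE_EVENTS[idx])
```

Matching on bot id and chat id rather than the full URL is deliberate: the fourth sample event uses a rotated secret and a different method (`sendDocument`) and still hits, which is what you want when the operator rotates tokens between campaigns. The DNS and registry rules are weak on their own (many legitimate programs query ipify or read the Geo key) and should be scored together with the Telegram contact, as the report's signature list suggests.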