General
-
Target
Bincryptedfile.exe.bin
-
Size
904KB
-
Sample
230505-x2eemsba9x
-
MD5
dcf0c5e9ca5972bec53fac4790c79639
-
SHA1
81d5309425bebca76b0b721a61b9f96261eb310c
-
SHA256
2d1646dc9d65c34be77a34bbedf4a7d0c14df7d3a3b0544e4a70e912467995a5
-
SHA512
224314daf6a40aaaa68c050e378f755eb66a98fd69a490cfa25bd09c345d4854351716b3c53759be71d7f1aa7fd21dac4f65e4ee71aa7a8653cbcc2482b4c34f
-
SSDEEP
12288:bqXY+1u09wVRWpVymIbdj5wLuq3foSzSmkU7U+WnhirJ:AY+1X9kR87IbdeLFfoukUKhiF
Static task
static1
Behavioral task
behavioral1
Sample
Bincryptedfile.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Bincryptedfile.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5412042498:AAH4OVSAlB-9yvO0MxObTPVF8mPej6Ln4M4/sendMessage?chat_id=5573520537
Targets
-
-
Target
Bincryptedfile.exe.bin
-
Size
904KB
-
MD5
dcf0c5e9ca5972bec53fac4790c79639
-
SHA1
81d5309425bebca76b0b721a61b9f96261eb310c
-
SHA256
2d1646dc9d65c34be77a34bbedf4a7d0c14df7d3a3b0544e4a70e912467995a5
-
SHA512
224314daf6a40aaaa68c050e378f755eb66a98fd69a490cfa25bd09c345d4854351716b3c53759be71d7f1aa7fd21dac4f65e4ee71aa7a8653cbcc2482b4c34f
-
SSDEEP
12288:bqXY+1u09wVRWpVymIbdj5wLuq3foSzSmkU7U+WnhirJ:AY+1X9kR87IbdeLFfoukUKhiF
-
Snake Keylogger payload
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-