General
- Target: A.exe
- Size: 670KB
- Sample: 230505-xdjdpaee39
- MD5: d56b5825767c11b91408069481007a40
- SHA1: f448108c0e83fe0ea6f7ece79c98f1d5527d673c
- SHA256: a158e9d32de440383597798db8deae678b54f6d0378a9788ff1a87a1e239f2f4
- SHA512: 2b655a89e7302194cba57c1aeb41312fd211407f9a5233d14fd81aa571f27deb3a440d33204d0f4c4eaac322e95859471cf5f22fef2ac8a5339ed3cbdeaf616f
- SSDEEP: 12288:uZo/arWBv6pOw5XxzwvJLyQ+o5v6nnjqKoe:LarWN6pOgBzwhL8op6nnjqKoe
Static task: static1
Behavioral task: behavioral1
- Sample: A.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: A.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: snakekeylogger
- https://api.telegram.org/bot5723707890:AAH2xRvI7tQmHUTxHRRudv8WoyAoxdIIcOI/sendMessage?chat_id=1760125104
Targets
- Target: A.exe
- Size: 670KB
- Snake Keylogger payload
- StormKitty payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext