General
-
Target
a3e34d9df2e5ed18ecb2236c44428ecb068bf476767eb482e0812eeb761071fd
-
Size
542KB
-
Sample
230505-xfla3aeg78
-
MD5
0d4950c69afb9b3c9b2d52b7b5ae9d41
-
SHA1
83d808fb0f8b8e35fc9ffa92fa0ff6e90bb55da0
-
SHA256
a3e34d9df2e5ed18ecb2236c44428ecb068bf476767eb482e0812eeb761071fd
-
SHA512
e4c81c5c28229566513ed59baade14f9ed2c197d7c38345a68a36eede6e5f7c538e081e2969089e37d25510e919f1f8f35d4c8bcea548094306e48923b216769
-
SSDEEP
12288:7LalT62iZFFmfaG/I2U7ttsqbEvxA9RDM6uARdWzMM:qY2uFmfaG/I2ULBb2A/DM6dEYM
Static task
static1
Behavioral task
behavioral1
Sample
a3e34d9df2e5ed18ecb2236c44428ecb068bf476767eb482e0812eeb761071fd.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
a3e34d9df2e5ed18ecb2236c44428ecb068bf476767eb482e0812eeb761071fd.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5905114115:AAEtJ13Y8sU1fQgR9KsdZZhYCIQmu7J2ahU/sendMessage?chat_id=5334267822
Targets
-
-
Target
a3e34d9df2e5ed18ecb2236c44428ecb068bf476767eb482e0812eeb761071fd
-
Size
542KB
-
MD5
0d4950c69afb9b3c9b2d52b7b5ae9d41
-
SHA1
83d808fb0f8b8e35fc9ffa92fa0ff6e90bb55da0
-
SHA256
a3e34d9df2e5ed18ecb2236c44428ecb068bf476767eb482e0812eeb761071fd
-
SHA512
e4c81c5c28229566513ed59baade14f9ed2c197d7c38345a68a36eede6e5f7c538e081e2969089e37d25510e919f1f8f35d4c8bcea548094306e48923b216769
-
SSDEEP
12288:7LalT62iZFFmfaG/I2U7ttsqbEvxA9RDM6uARdWzMM:qY2uFmfaG/I2ULBb2A/DM6dEYM
-
Snake Keylogger payload
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-