General
Target: MIGNAJbHqqz0hqw.exe
Size: 710KB
Sample: 230507-h5htxadc32
MD5: 623f0ebaec76d49523c21c0479ea7d69
SHA1: 6b961a655f34d11f2bdcf2e5ab2b7f7d5598a9dd
SHA256: 5fa4736f2cc0d0643d02cb400a7be79acf2a4c7085d34b7837ecdd3a1c34b058
SHA512: 4f1ba30ce362c185a14cd69abc8095d72e8bce8f436ad1ec7eddcc773f2769896ccc8d1d4c0900e434fefe801eebb19b5d08cff5e21ba973db0f0422ad2fd799
SSDEEP: 12288:TNRYC4v3JDM8WoxoYRSVY5NN8xTDOsfldsYQwmLvIdzfiOPa:JRYhv3e8WozoV7Vq4mcdzfTP
Static task: static1
Behavioral task: behavioral1
  Sample: MIGNAJbHqqz0hqw.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: MIGNAJbHqqz0hqw.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: snakekeylogger
  https://api.telegram.org/bot5412042498:AAH4OVSAlB-9yvO0MxObTPVF8mPej6Ln4M4/sendMessage?chat_id=5573520537
Targets
Target: MIGNAJbHqqz0hqw.exe
Size: 710KB
MD5: 623f0ebaec76d49523c21c0479ea7d69
SHA1: 6b961a655f34d11f2bdcf2e5ab2b7f7d5598a9dd
SHA256: 5fa4736f2cc0d0643d02cb400a7be79acf2a4c7085d34b7837ecdd3a1c34b058
SHA512: 4f1ba30ce362c185a14cd69abc8095d72e8bce8f436ad1ec7eddcc773f2769896ccc8d1d4c0900e434fefe801eebb19b5d08cff5e21ba973db0f0422ad2fd799
SSDEEP: 12288:TNRYC4v3JDM8WoxoYRSVY5NN8xTDOsfldsYQwmLvIdzfiOPa:JRYhv3e8WozoV7Vq4mcdzfTP
- Snake Keylogger payload
- StormKitty payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext