General
-
Target
PO 6543YT56.xlsx.exe
-
Size
716KB
-
Sample
230507-h5htxadc33
-
MD5
e72c3c7e9bfc1c83e80dd1b05690d397
-
SHA1
504dfac9169b56e60e30fcda112f5336e13411f3
-
SHA256
fd36e87f08b87a1413854b9763d7603f12be2b5b15d2d4f87537d840faff3123
-
SHA512
78b346705b89a5fa85e648f20f142175535df47b3387df1a7606ff8cdcc9f0e9d1a17053a5c37a6fc21b69428575fb1a67d3507ba95ace6eabac71791ee0918c
-
SSDEEP
12288:xKmKY9Iq23dyes13kJa/zQV2C32ehROILOpeJ4wKk9MVePemjeFbpW:47MjaSoJV/OVMMvLzW
Static task
static1
Behavioral task
behavioral1
Sample
PO 6543YT56.xlsx.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PO 6543YT56.xlsx.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6221660400:AAGb-WADrhdDFxd9kxzjtg3jdDw9-uvNVlM/sendMessage?chat_id=6200392710
Targets
-
-
Target
PO 6543YT56.xlsx.exe
-
Size
716KB
-
MD5
e72c3c7e9bfc1c83e80dd1b05690d397
-
SHA1
504dfac9169b56e60e30fcda112f5336e13411f3
-
SHA256
fd36e87f08b87a1413854b9763d7603f12be2b5b15d2d4f87537d840faff3123
-
SHA512
78b346705b89a5fa85e648f20f142175535df47b3387df1a7606ff8cdcc9f0e9d1a17053a5c37a6fc21b69428575fb1a67d3507ba95ace6eabac71791ee0918c
-
SSDEEP
12288:xKmKY9Iq23dyes13kJa/zQV2C32ehROILOpeJ4wKk9MVePemjeFbpW:47MjaSoJV/OVMMvLzW
-
Snake Keylogger payload
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-