General
Target: DMStioshPWWQJWm.exe
Size: 690KB
Sample: 230507-ryencafa27
MD5: 0ace70c2bc94f4ca950dcb66753293fe
SHA1: a0a04a509017336fe23b2506c31dbfcb2b5a86d4
SHA256: 25c432720e7e86454a3156b83a485e94fcea7ae77f791a0c0d5810e5ab72ebea
SHA512: 389f24f241ee4f285157a34dedcc6a40862c391d087b85f244f781e4eb4b7461eccf407011829eee7ee20c2c99d4eb3d663b09a06756de4424d419ca61af0d80
SSDEEP: 12288:wDGPjDjEBh9nvTmzGTU3YB73NnYdaZKj4J7ueCDIDpRqSh96J/yyM+:wS/Gh9vTmGA3YB79YdI04BuJDIDp4W65
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: DMStioshPWWQJWm.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: DMStioshPWWQJWm.exe; Resource: win10v2004-20230220-en)
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot6273702310:AAGUtuDoY11m3LCVw0RgYYXqZb-1CRvB5Ok/sendMessage?chat_id=6143595836
Targets
Target: DMStioshPWWQJWm.exe
Size: 690KB
MD5: 0ace70c2bc94f4ca950dcb66753293fe
SHA1: a0a04a509017336fe23b2506c31dbfcb2b5a86d4
SHA256: 25c432720e7e86454a3156b83a485e94fcea7ae77f791a0c0d5810e5ab72ebea
SHA512: 389f24f241ee4f285157a34dedcc6a40862c391d087b85f244f781e4eb4b7461eccf407011829eee7ee20c2c99d4eb3d663b09a06756de4424d419ca61af0d80
SSDEEP: 12288:wDGPjDjEBh9nvTmzGTU3YB73NnYdaZKj4J7ueCDIDpRqSh96J/yyM+:wS/Gh9vTmGA3YB79YdI04BuJDIDp4W65

Signatures
- Snake Keylogger payload
- StormKitty payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext