General

Target: SecuriteInfo.com.IL.Trojan.MSILZilla.22611.15610.5880.exe
Size: 154KB
Sample: 230601-2g3zqahb8x
MD5: cd7722e668bab8732008fc21cd5c54c8
SHA1: 8975a70599cb30e8dbf6fd1e9494e2ff64773463
SHA256: e28909c004f094d21d333e507708ec6f5cd0cc78144b3f9ff01a053cbd443bea
SHA512: c14a6550cc68fe73b650c0772c567e84febeb3a7fc0c1d67a7f81bbd363e96ab3e16526557ab1d341af5e13c6de843945b1c4a33614a0dd9a38d4cd1021a0e7b
SSDEEP: 3072:mv+9f2lFEuvThAoAimIzlSyM/bx9wFBvEZSin/Uh8wPC7wCuQo5bXOMGkUzllQEf:G+9fGuuvTLbmilSyIbx92EZ/C8wPCWQ3

Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.IL.Trojan.MSILZilla.22611.15610.5880.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: SecuriteInfo.com.IL.Trojan.MSILZilla.22611.15610.5880.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6184780923:AAHbCGrBU_2zg9A-73yTyKKCMGf1tkzUFbM/sendMessage?chat_id=759814203
Targets
-
-
Target
SecuriteInfo.com.IL.Trojan.MSILZilla.22611.15610.5880.exe
-
Snake Keylogger payload
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-