General
Target: Gyjjmn.exe
Size: 13KB
Sample: 230601-fn5k8sdb2t
MD5: 1f78bd63a9097e0d1208cbc2bbc6ea17
SHA1: e8a086e14cc775951ee4628f586fc00b03e1c14f
SHA256: 9cc6511bbdabccc21e3fee933fb9cc223b3e17d6865d12dae7ebaa2074f9b39f
SHA512: 3e9f57ead229d78d5c1b5d5e045711cf367fc3a750f3c6f8f41d405de49e0b2f0f03b9a834c76e58a25c5f9372683b86e1c1c705f3cabc15a4102e43f2cf2740
SSDEEP: 192:novfGLcL843eeLor7jAU8v5k+gXDVSTL5RtLe/Y2wdME:ovfGLcLNdLor7jgk+gXDw1Letu
Behavioral task: behavioral1
Sample: Gyjjmn.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: Gyjjmn.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: purecrypter
https://cdn.discordapp.com/attachments/1113589887258607668/1113593768474574978/Kptmybrzjx.dat
Extracted: snakekeylogger
https://api.telegram.org/bot5996089921:AAFFEnbgTY8Gt8G5jJy6llKhDg_Ha193t7c/sendMessage?chat_id=2054148913
Targets
Target: Gyjjmn.exe (size and hashes as listed under General)
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext