General
Target: 08123499.exe
Size: 171KB
Sample: 230601-sebysaeh56
MD5: 87bf7cbcaad9c9d42226765a9a00123b
SHA1: 47f672dc1112ff2ddd32b7bf69aa66725e04a0ca
SHA256: e4e48fd7e9b03db186315f6afa59deb72c2d8d741bc1411bd4a11b73bd2b8371
SHA512: ea491a62cac018acbc274f7c0647fe8a14ac1bcd8ecfd73e3bdacea9cffb785c534991a42b0d8d17e72e9784c0eaac5090202a8f741b5333347b4f776a7605cb
SSDEEP: 3072:ad+hKaS+2cePjFMMHkDR99yrmiXjzhe3+32NofxvPXj5:E+hKanteLFUH9iZe3ePvj5
Static task: static1
Behavioral task: behavioral1 (sample 08123499.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 08123499.exe, resource win10v2004-20230220-en)
Malware Config
Extracted (snakekeylogger)
Exfiltration URL (Telegram Bot API sendMessage; the bot token sits in the URL path and the operator's chat in chat_id): https://api.telegram.org/bot6184780923:AAHbCGrBU_2zg9A-73yTyKKCMGf1tkzUFbM/sendMessage?chat_id=759814203
Targets
Target: 08123499.exe (171KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures:
- Snake Keylogger payload
- StormKitty payload (Snake Keylogger shares code with the open-source StormKitty stealer, so the two signatures commonly fire together on one sample)
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (setting the context of a thread in another process is the usual way injected code is started in a suspended host process)
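The extracted config gives the exfiltration channel (a Telegram Bot API sendMessage call) and the behavioral signatures give the sequence around it (an external-IP lookup, then the post to Telegram). The Python below is an added example, not part of the Triage report or of any tool it names: it parses the extracted URL into bot id, token, method and chat_id, then runs the same pattern, plus the IP-lookup-then-Telegram correlation, over proxy log lines. The log format, the IP-lookup hostnames and the sample log lines are assumptions constructed for the example; the bot URL is the one from the report.

```python
"""Parse the Telegram exfiltration URL from the extracted Snake Keylogger
config and hunt for the same pattern in proxy logs.

Added example, not part of the Triage report. The log format and the
IP-lookup hostnames are assumptions; the sample log lines are constructed.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Exfiltration URL exactly as listed under "Malware Config / Extracted".
SNAKE_C2 = ("https://api.telegram.org/bot6184780923:AAHbCGrBU_2zg9A-73yTyKKCMGf1tkzUFbM"
            "/sendMessage?chat_id=759814203")

# Telegram Bot API path layout: /bot<numeric bot id>:<35-char secret>/<method>
BOT_PATH = re.compile(
    r"^/bot(?P<token>(?P<bot_id>\d+):[A-Za-z0-9_-]{35})/(?P<method>[A-Za-z]+)$")

# Bot API methods that carry data out of the network (text, files, screenshots).
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Assumption: hosts a stealer might query for its external IP. The report only
# says "a legitimate IP lookup service" and does not name it.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com"}

# Assumption: one request per line from a TLS-inspecting proxy, so full URLs
# are visible: "<ISO timestamp> <client ip> <verb> <url> <status>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<verb>\S+) (?P<url>\S+) (?P<status>\d+)$")

# Constructed sample: infected host 10.0.0.23 does an IP lookup, then posts to
# the bot from the report; 10.0.0.41 polls an unrelated bot; 10.0.0.57 is benign.
SAMPLE_LOG = """\
2023-06-01T14:02:11Z 10.0.0.23 GET http://checkip.dyndns.org/ 200
2023-06-01T14:02:13Z 10.0.0.23 POST https://api.telegram.org/bot6184780923:AAHbCGrBU_2zg9A-73yTyKKCMGf1tkzUFbM/sendMessage?chat_id=759814203 200
2023-06-01T14:05:40Z 10.0.0.41 GET https://api.telegram.org/bot111:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghi/getUpdates 200
2023-06-01T14:06:02Z 10.0.0.57 GET https://www.example.com/ 200
"""


def parse_telegram_c2(url):
    """Split a Telegram Bot API URL into bot_id, token, method and chat_id.

    Returns None for anything that is not a Bot API call on api.telegram.org.
    """
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"bot_id": m["bot_id"], "token": m["token"],
            "method": m["method"], "chat_id": chat_id}


def hunt(log_text, known_token=None, window=timedelta(minutes=5)):
    """Flag Bot API traffic per client, escalating severity when the same
    client queried an IP-lookup service within `window` beforehand, or when
    the token matches one pulled from a sample's config."""
    last_ip_lookup = {}  # client ip -> timestamp of its latest IP-lookup request
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        if urlsplit(m["url"]).hostname in IP_LOOKUP_HOSTS:
            last_ip_lookup[m["client"]] = ts
            continue
        c2 = parse_telegram_c2(m["url"])
        if c2 is None:
            continue
        severity, reasons = "low", ["telegram bot api call"]
        if c2["method"] in EXFIL_METHODS:
            severity = "medium"
            reasons.append("exfil method " + c2["method"])
        prior = last_ip_lookup.get(m["client"])
        if prior is not None and ts - prior <= window:
            severity = "high"
            reasons.append("external-IP lookup %ds earlier" % (ts - prior).seconds)
        if known_token is not None and c2["token"] == known_token:
            severity = "critical"
            reasons.append("token matches extracted config")
        findings.append({"client": m["client"], "bot_id": c2["bot_id"],
                         "chat_id": c2["chat_id"], "severity": severity,
                         "reasons": reasons})
    return findings


if __name__ == "__main__":
    cfg = parse_telegram_c2(SNAKE_C2)
    print("extracted config:", cfg)
    for finding in hunt(SAMPLE_LOG, known_token=cfg["token"]):
        print(finding)
```

api.telegram.org itself is legitimate, so the rule keys on the /bot<token>/ path and the send* methods rather than on the hostname. With only CONNECT or SNI visibility the path is not available and the pattern degrades to "host contacted api.telegram.org shortly after an IP-lookup service"; the same timing correlation still applies if the log carries only hostnames. The bot token in the config is a credential as well as an indicator and should be handled as one.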