General
-
Target
495d8af23d282c25c53ac94805eedab8.bin
-
Size
603KB
-
Sample
230602-bw5trahf61
-
MD5
dc7913b31a9125bc1d6007d4aef833eb
-
SHA1
ed340d7596f71683641daccb21c0ed482a7d96d2
-
SHA256
7524d853a65af3f74392477d4ba0240dba528fc140ce9ef2693489d5ee4b9c3c
-
SHA512
a345241a4dd9e662f2c9af75a137b0b62989232ae10820a9ab36e18f2c5f3ae3194c8e1300ea48774f3dae5522021b55dead0f73a7f44ef58c41c40307cd3257
-
SSDEEP
12288:3WrVzYi9e/r9Et6gyrEHDu5FyRmma4GvSt6gjd3lakJ/ZpQeuiZra:3WrVzYiCCQrEH6sm3DoaKZpaita
Static task
static1
Behavioral task
behavioral1
Sample
bb8e3470cf05d4aa4e74551b11a39436681db63206d7c1bee0ddb4bdfe99dec7.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
bb8e3470cf05d4aa4e74551b11a39436681db63206d7c1bee0ddb4bdfe99dec7.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5412042498:AAH4OVSAlB-9yvO0MxObTPVF8mPej6Ln4M4/sendMessage?chat_id=5573520537
Targets
-
-
Target
bb8e3470cf05d4aa4e74551b11a39436681db63206d7c1bee0ddb4bdfe99dec7.exe
-
Size
708KB
-
MD5
495d8af23d282c25c53ac94805eedab8
-
SHA1
1a377ec0bcbe1a1ddcdffd7ede7079f38eb3e44e
-
SHA256
bb8e3470cf05d4aa4e74551b11a39436681db63206d7c1bee0ddb4bdfe99dec7
-
SHA512
4b656e18c9f5b4986c6866f51d9262b63df70e95acc8dad4f5a107bae7445fcf5b1db4e077ad2cfa0a1973ceb36d9a01c2c43cfdf1a993f8b0b66611baf41839
-
SSDEEP
12288:pfjU22n22f223229AMTihh6xhZ6Ory76iaCfBs6EqbyGkvSgoKHeWeBU2kJMMMDg:ZU22n22f223222MUgh8ywguy8sHWQMM7
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-