General
-
Target
PO SJS 20221109-02.xlsx.exe
-
Size
722KB
-
Sample
230602-gw843aaf2x
-
MD5
e067420d4846f5ec6295db05b2a0a981
-
SHA1
9dc078c6e827d602d5d75c079442183693ab4e16
-
SHA256
1f53cffa281a18eec6149e2fc33e25cb597281c536825156696a5fb6f48b59a1
-
SHA512
ecd95a2ae69127caf7c5debbd78dc17ebf9ad8438ade17354c837ec3b90e6aa20fe10b000a6b885717ea75e4000f421e609e7699406133fdeb8966f5ce33a773
-
SSDEEP
12288:tZNtb7l7xdvo/MdyrhFgtDsuBHsSj5J4+saBGjSFqwAofEAOY456+gIN2Iaq6OPV:tH9BqmycgiH75BI1wASEj4+p2sPURGfH
Static task
static1
Behavioral task
behavioral1
Sample
PO SJS 20221109-02.xlsx.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
PO SJS 20221109-02.xlsx.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6221660400:AAGb-WADrhdDFxd9kxzjtg3jdDw9-uvNVlM/sendMessage?chat_id=6200392710
Targets
-
-
Target
PO SJS 20221109-02.xlsx.exe
-
Size
722KB
-
MD5
e067420d4846f5ec6295db05b2a0a981
-
SHA1
9dc078c6e827d602d5d75c079442183693ab4e16
-
SHA256
1f53cffa281a18eec6149e2fc33e25cb597281c536825156696a5fb6f48b59a1
-
SHA512
ecd95a2ae69127caf7c5debbd78dc17ebf9ad8438ade17354c837ec3b90e6aa20fe10b000a6b885717ea75e4000f421e609e7699406133fdeb8966f5ce33a773
-
SSDEEP
12288:tZNtb7l7xdvo/MdyrhFgtDsuBHsSj5J4+saBGjSFqwAofEAOY456+gIN2Iaq6OPV:tH9BqmycgiH75BI1wASEj4+p2sPURGfH
-
Snake Keylogger payload
-
StormKitty payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-