General
Target: Pjlbwitnky.exe
Size: 30KB
Sample: 230605-rkwdyaha54
MD5: 2dcabf443b7d1abcc0c2de16ecec90bc
SHA1: e82d2533f5f7f64f0d15960dcbbf9b5b30d585c2
SHA256: 1159798d7b0504960fd5b45cf68a8589c9b3d28e56b372a93195dd009cc45f55
SHA512: 638e4986489be8a850b2991874249995764885232a344be34c2655f79aeb5aff58f674b87d8dc64afd3d9e4992f1843cc2938e493055ac391e387ea181a5dfb8
SSDEEP: 384:Yt+fcBiL2sQvTNfqMLoLb7HE3/Afi7B02PZpBvgOeHItoUtPx+0HYX:YtJerY7cb7HEvAfS/PZp92fOp+3X
Static task: static1
Behavioral task: behavioral1 (Sample: Pjlbwitnky.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: Pjlbwitnky.exe, Resource: win10v2004-20230220-en)

Malware Config
Extracted: snakekeylogger
URL: https://api.telegram.org/bot5996089921:AAFFEnbgTY8Gt8G5jJy6llKhDg_Ha193t7c/sendMessage?chat_id=2054148913

Targets
Target: Pjlbwitnky.exe
Size: 30KB
MD5: 2dcabf443b7d1abcc0c2de16ecec90bc
SHA1: e82d2533f5f7f64f0d15960dcbbf9b5b30d585c2
SHA256: 1159798d7b0504960fd5b45cf68a8589c9b3d28e56b372a93195dd009cc45f55
SHA512: 638e4986489be8a850b2991874249995764885232a344be34c2655f79aeb5aff58f674b87d8dc64afd3d9e4992f1843cc2938e493055ac391e387ea181a5dfb8
SSDEEP: 384:Yt+fcBiL2sQvTNfqMLoLb7HE3/Afi7B02PZpBvgOeHItoUtPx+0HYX:YtJerY7cb7HEvAfS/PZp92fOp+3X
Score: 10/10
Signatures:
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext