General
Target: 77c8dfbd11944592367783ec9a9f0e40.exe
Size: 525KB
Sample: 230610-l3xf3afc9w
MD5: 77c8dfbd11944592367783ec9a9f0e40
SHA1: 503fbea540adbb8822ee8231f672828b77a09d47
SHA256: 5d63464bad9316f6dea4ffbe71989d50626f8b209305a34a1db87e5e0c6d7dac
SHA512: e5afe43ace447b18fc1809d4719a1a6c53b22c61278d6bb6e0b529ebd1f4925895e99eff974768c7a7c8ec36cba3e48f487704ebf64979055e52083953a9ab82
SSDEEP: 12288:p39P4Nd4c6Y3+hzEeuzWaH46noaSO0V9J:19P4Ndr6/hzEeuzWaH4uTSOG
Static task: static1
Behavioral task: behavioral1
Sample: 77c8dfbd11944592367783ec9a9f0e40.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 77c8dfbd11944592367783ec9a9f0e40.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6215194475:AAG0v9XHc1z7f3mGswGN6a7WHknQv8IgUJg/sendMessage?chat_id=1467583453
Targets
Snake Keylogger payload
StormKitty payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext