General
-
Target
2e4dcd52a819ffd488b91e89d743ac9e.exe
-
Size
893KB
-
Sample
230718-g26wwsgf24
-
MD5
2e4dcd52a819ffd488b91e89d743ac9e
-
SHA1
27a250adf633fdc423ee330ccd2afd5b56cfd66e
-
SHA256
a11ef9d544cbb542549304eb4e297740f5cd06780218300085751c4ca0050309
-
SHA512
f58bd59684a330b4662bac3c953226640c0cfaaaa8560ce305bc29c3c7b6896dadd0d2af6c43da0941a473ec8249288e425a949b13067a4ee3bec4c7eea61a67
-
SSDEEP
12288:IWVt00/eseSFpd/upd/E2PKhk246c4MxXn6TUYlf8RYxu7ns:IWT00Gd5PKWTxX6TTras
Static task
static1
Behavioral task
behavioral1
Sample
2e4dcd52a819ffd488b91e89d743ac9e.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
2e4dcd52a819ffd488b91e89d743ac9e.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot2106150449:AAHIwsHmr23aQkTnyeD_XA0cTAX8yk2mXFM/sendMessage?chat_id=1990813371
Targets
-
-
Target
2e4dcd52a819ffd488b91e89d743ac9e.exe
-
Size
893KB
-
MD5
2e4dcd52a819ffd488b91e89d743ac9e
-
SHA1
27a250adf633fdc423ee330ccd2afd5b56cfd66e
-
SHA256
a11ef9d544cbb542549304eb4e297740f5cd06780218300085751c4ca0050309
-
SHA512
f58bd59684a330b4662bac3c953226640c0cfaaaa8560ce305bc29c3c7b6896dadd0d2af6c43da0941a473ec8249288e425a949b13067a4ee3bec4c7eea61a67
-
SSDEEP
12288:IWVt00/eseSFpd/upd/E2PKhk246c4MxXn6TUYlf8RYxu7ns:IWT00Gd5PKWTxX6TTras
Score10/10-
Snake Keylogger payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-