General
- Target: Haopelehp.exe
- Size: 727KB
- Sample: 230718-pz7z6sba8w
- MD5: 7ec449704168846bcc6fdb466409ba31
- SHA1: 8d976bdbe34abe5bc2f2e681402226abdeddc5f0
- SHA256: cacc7162b9c5dacdd807215b37e7a0325c8d98de656b5845dc69d4cc467b0ab7
- SHA512: 596d786b70eec0232d9080321d9b7593ad9b7a1b3d464d74172aec84b51da18309f79663ebbbe7b144d679aec39c2a8b10ccd6c4c9af35bde055291098d13a30
- SSDEEP: 12288:RDQzYLnMjO9VcKeuwVdn+Hx72AZUB8sQok7Qre1ttJ1wf:RDiAMjScKeuqnA72AZUKz/HA
Static task: static1
Behavioral task: behavioral1
- Sample: Haopelehp.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: Haopelehp.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6223040934:AAFZR7-nJPBtNtKiKjjFvb-144WYhjW9KHY/sendMessage?chat_id=6373691592
Targets
- Target: Haopelehp.exe
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext