General
Target: D67245B7BC0376A9AE316A37EFEC49BEB7FD2FB0BD5091BD4BB7BF2B1A12A48F
Size: 537KB
Sample: 230718-zkjn5sdh42
MD5: 2cf5b5277cefa2fb2d0def8029888908
SHA1: 4a3ac95c1b32423fd75585556c06e0ca6031b7cf
SHA256: d67245b7bc0376a9ae316a37efec49beb7fd2fb0bd5091bd4bb7bf2b1a12a48f
SHA512: e98c7bfd106227215c26de1f249e3b2bafab7a1e2b624dae75886bea9eeac67205d7ef7aeebaab7bdfa4224039662bdf22261bf9d66c8220280502438d12af5a
SSDEEP: 12288:Sq7EJX/vWs3BqM+vySCshgndNX7tUjawNYLa/zsL:Srh7xBi3CshgaGwNrrsL
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: SWIFT.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot5738470399:AAEl1xY8CQoLfvnnvb8Ghc_dI459UJe2CS0/sendMessage?chat_id=6121826573
Targets
Target: SWIFT.exe
Size: 589KB
MD5: cfd9400788cec445ea903430947b8ea4
SHA1: f5bf509cda1d41c193cd9ee91f55be8330216804
SHA256: aff17251d8ef67ff476b07d1b446389d6cef3f87179403904f6f55ce5e948c11
SHA512: 67bcfb4f93158d1836c1646270b072f71b20067ee3f071c45824762101b7a72de8907f0823c829c9534abd7447118fa088421e18df692f5bb4ef015dbd6d63a1
SSDEEP: 12288:a92iNG4/mNUAQHAZcK/LaHerukSjmWb6v2EdlCPs5Y7:81M4/QU/AsHwaHUM0Y
Score: 10/10
Snake Keylogger payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext