General
-
Target
Yyvxgqbd.exe
-
Size
67KB
-
Sample
230722-j95pxaae5z
-
MD5
ba1709a3d54af0425c34b589d9b5d45e
-
SHA1
d53c7553af2bd60222a942f477fd3234776a1e85
-
SHA256
6bcf3454be579fca552338a3f5c192d5301ade9b8c7cb2ace0dc049e33ffa385
-
SHA512
ce32a43717003d883bc8fcfec9739d332c644f4ad362a773df6e592e00052da1358951248aa977d974404fb39b0e199e0d6e9a85be7d683033afaf78a686105f
-
SSDEEP
768:2FfuCQ0XZnC5Zw7P22jg3aur1k6IwVlj7ceKguXgcKmxDERgXl+28Be3:2FfunOg3zrRVcn7X4mJYtBe3
Static task
static1
Behavioral task
behavioral1
Sample
Yyvxgqbd.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Yyvxgqbd.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6362226928:AAEy_YKrGOhDs-QKpzHM8bwWaBrcjSBTM4A/sendMessage?chat_id=6373691592
Targets
-
-
Target
Yyvxgqbd.exe
-
Size
67KB
-
MD5
ba1709a3d54af0425c34b589d9b5d45e
-
SHA1
d53c7553af2bd60222a942f477fd3234776a1e85
-
SHA256
6bcf3454be579fca552338a3f5c192d5301ade9b8c7cb2ace0dc049e33ffa385
-
SHA512
ce32a43717003d883bc8fcfec9739d332c644f4ad362a773df6e592e00052da1358951248aa977d974404fb39b0e199e0d6e9a85be7d683033afaf78a686105f
-
SSDEEP
768:2FfuCQ0XZnC5Zw7P22jg3aur1k6IwVlj7ceKguXgcKmxDERgXl+28Be3:2FfunOg3zrRVcn7X4mJYtBe3
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-