General
Target: img_23721jpg.exe
Size: 751KB
Sample: 230722-kdgtmsae81
MD5: a9c050ae19fcf43d9f35cca1f3ec4021
SHA1: 8c90121b330793aa5409ebfb56a47b2e6e0689ca
SHA256: bf5e0325eb6371cde268e2798df868725f430a77a61a796694ea1ae7f66dbd89
SHA512: 603ad12b7f7578e78ff6665848d44f057de6a8d4449d3dfe576ab285787b333cf59cb343edc30b0262aff587c261cf88696702007a380c2592f6e8dfb22697e4
SSDEEP: 12288:hmigC31GkXEqjs0u1yrOnHcexDBuZaicSVLsTIaQ9ZOp53X3e0BRDkn:hmiBlGj06UucCDuJPxssSdVD
Static task: static1
Behavioral task: behavioral1
  Sample: img_23721jpg.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: img_23721jpg.exe
  Resource: win10-20230703-en
Behavioral task: behavioral3
  Sample: img_23721jpg.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: snakekeylogger
  https://api.telegram.org/bot6341476624:AAHzFzzvwwNKpL2Qi8FTrJZNi1BPeeeAdFA/sendMessage?chat_id=5607586384
Targets
Target: img_23721jpg.exe
Size: 751KB
MD5: a9c050ae19fcf43d9f35cca1f3ec4021
SHA1: 8c90121b330793aa5409ebfb56a47b2e6e0689ca
SHA256: bf5e0325eb6371cde268e2798df868725f430a77a61a796694ea1ae7f66dbd89
SHA512: 603ad12b7f7578e78ff6665848d44f057de6a8d4449d3dfe576ab285787b333cf59cb343edc30b0262aff587c261cf88696702007a380c2592f6e8dfb22697e4
SSDEEP: 12288:hmigC31GkXEqjs0u1yrOnHcexDBuZaicSVLsTIaQ9ZOp53X3e0BRDkn:hmiBlGj06UucCDuJPxssSdVD
Score: 10/10
Signatures:
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext