General
Target: 38e497ba967a7027611f38d868b02f7c004_JC.exe
Size: 590KB
Sample: 230729-nv4aradc51
MD5: f30673ee0518982afd8b39dc2d9d5ae9
SHA1: f0d0dc64ef073a4a2fa132f3e47877304fd34d1e
SHA256: 38e497ba967a7027611f38d868b02f7c00405cc0cde0500ee32a61103dddd4f4
SHA512: 0d9e5f6314caf2337044e074436adc0f3ec9f98476d88e373c8ed93c192247bbf48bcb5a5917e0d9a2e8f62ae0203f26608933859f0d4c3f01877f9ada1671da
SSDEEP: 12288:6bO57cZPwzlubFicMWIVsRjDrQLzFOhlXjmDy+bO5:MOZcZxQc/ZrQvFEoDyoO
Static task: static1
Behavioral task: behavioral1
  Sample: 38e497ba967a7027611f38d868b02f7c004_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 38e497ba967a7027611f38d868b02f7c004_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6064725165:AAHXOwTVVm0GMC2M_NZjTT0hEHEGMgtU55I/sendMessage?chat_id=5361285164
Targets
Target: 38e497ba967a7027611f38d868b02f7c004_JC.exe
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext