General
-
Target
Wnasqalvg.exe
-
Size
99KB
-
Sample
230801-mr866agd4y
-
MD5
5e8126c0c3bb629ee4b18dbe80801da5
-
SHA1
04215ad2be82e01e588e16a65a58ab9b7b757d27
-
SHA256
75fe2e05556461cf5b623ce60ba191ec4153ca13931260faa99ce558ac86914a
-
SHA512
d5f202490df8d84a5ed9d5e83d76978cd0b836dd1ffc31eac169b5ec75c3c728c2938c4c919748df15c6975f27bd7ec6f3fa3a47714687d77e072ef0313c5b59
-
SSDEEP
1536:avBOOhLjf94kUmTzzugagH+rAfnNgwW3QMNsi/ZL1F6qvqCLMotw:LO1CYOgDH+0fNgw3Me41tw
Static task
static1
Behavioral task
behavioral1
Sample
Wnasqalvg.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Wnasqalvg.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6323155837:AAGetKXnPtbbyO0kxwEiTX4EeslRECcAfuM/sendMessage?chat_id=5716598986
Targets
-
-
Target
Wnasqalvg.exe
-
Size
99KB
-
MD5
5e8126c0c3bb629ee4b18dbe80801da5
-
SHA1
04215ad2be82e01e588e16a65a58ab9b7b757d27
-
SHA256
75fe2e05556461cf5b623ce60ba191ec4153ca13931260faa99ce558ac86914a
-
SHA512
d5f202490df8d84a5ed9d5e83d76978cd0b836dd1ffc31eac169b5ec75c3c728c2938c4c919748df15c6975f27bd7ec6f3fa3a47714687d77e072ef0313c5b59
-
SSDEEP
1536:avBOOhLjf94kUmTzzugagH+rAfnNgwW3QMNsi/ZL1F6qvqCLMotw:LO1CYOgDH+0fNgw3Me41tw
Score10/10-
Snake Keylogger payload
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-