General
Target: Hqwlldk.exe
Size: 97KB
Sample: 230801-mr866agd4z
MD5: 8dbf454882aafca6d75eca481004a34a
SHA1: 166da780c51f261719a6285ce5fe60e5e9ab36b2
SHA256: 06a9ec554700c23590c89a5281d875fb042e1f8f1ce0ba8615883a4529cbe84f
SHA512: afdad43aa8e7f631a6326570cd3b707f4f2e884150d6f12925617396441f599e1959241e69a2d728d67b5f0dd2270c1bb518e0ea16cc77c7ebc26ba5f22e3e68
SSDEEP: 3072:VMjJiEI12mUEsP3MgBtyomYlVjTwbkQqr433F:VMjEEknUjP8g+omYlyRa
Static task: static1
Behavioral task: behavioral1
  Sample: Hqwlldk.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: Hqwlldk.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6394594767:AAElUYlr27DCSn2gW1gOerQUXsMbyXdE9lY/sendMessage?chat_id=6373691592
Targets
Target: Hqwlldk.exe
Size: 97KB
Score: 10/10
- Snake Keylogger payload
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext