General
-
Target
Gjvdnpikd.exe
-
Size
10KB
-
Sample
230802-kpv6eaeg81
-
MD5
f7707dc68ef0113a7089fcbfb241f6b4
-
SHA1
bb82cb1fe49e8e699f2bc7a9eaa56d959f1e9c0a
-
SHA256
c9ab09547338e5fabc9a5389c098597734e14e00da6f455d106c813177fce35e
-
SHA512
dcba265d599a693c9a5546db4a9fd57f3c42e94dc8f7fed7f8f7c17d371fafec2bd6e0c875b80acd727cd14c96707f6403fb9226553c5ff66576f5428e34ec72
-
SSDEEP
192:n4TPB64dwfHjA7MdRhrN47cZnSD4cli/dq:42fM7MdR8AVSLlil
Static task
static1
Behavioral task
behavioral1
Sample
Gjvdnpikd.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Gjvdnpikd.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6131487156:AAFzpoRUv23HSoE57FgrwPQiVuiha1F8Pcs/sendMessage?chat_id=6373691592
Targets
-
-
Target
Gjvdnpikd.exe
-
Size
10KB
-
MD5
f7707dc68ef0113a7089fcbfb241f6b4
-
SHA1
bb82cb1fe49e8e699f2bc7a9eaa56d959f1e9c0a
-
SHA256
c9ab09547338e5fabc9a5389c098597734e14e00da6f455d106c813177fce35e
-
SHA512
dcba265d599a693c9a5546db4a9fd57f3c42e94dc8f7fed7f8f7c17d371fafec2bd6e0c875b80acd727cd14c96707f6403fb9226553c5ff66576f5428e34ec72
-
SSDEEP
192:n4TPB64dwfHjA7MdRhrN47cZnSD4cli/dq:42fM7MdR8AVSLlil
Score10/10-
Snake Keylogger payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-