General
-
Target
Hahza.exe
-
Size
10KB
-
Sample
230802-kpv6eaeg9s
-
MD5
b1553384deba6a98d1a0caa98468d0ee
-
SHA1
f63e052ba7f25077d625f841241e2d2aa1ea7011
-
SHA256
37840987b437459b8f5774cfd36eb5a271c61808ccfa5e4aa63b005db127f71a
-
SHA512
807f89794347adbc82dac585656c62db9e0fd924e83ff7fffc28cd9f5f18c0859fbbc5c07c599fa41e40acd04bcb70651bd43714ffaf84b3c4a93bc7eba613a6
-
SSDEEP
96:JG/woST6RfWsr/Kk+M1k4XpCiwe5KhBC14P3R8jleB/TA2ezNt:J6RfWsjv+M1k4XFw0Kva4P3Slc/R4
Static task
static1
Behavioral task
behavioral1
Sample
Hahza.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Hahza.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6631000928:AAFiCjddpMvTQX5-pktE-_9Ryd2LS01DYeE/sendMessage?chat_id=5716598986
Targets
-
-
Target
Hahza.exe
-
Size
10KB
-
MD5
b1553384deba6a98d1a0caa98468d0ee
-
SHA1
f63e052ba7f25077d625f841241e2d2aa1ea7011
-
SHA256
37840987b437459b8f5774cfd36eb5a271c61808ccfa5e4aa63b005db127f71a
-
SHA512
807f89794347adbc82dac585656c62db9e0fd924e83ff7fffc28cd9f5f18c0859fbbc5c07c599fa41e40acd04bcb70651bd43714ffaf84b3c4a93bc7eba613a6
-
SSDEEP
96:JG/woST6RfWsr/Kk+M1k4XpCiwe5KhBC14P3R8jleB/TA2ezNt:J6RfWsjv+M1k4XFw0Kva4P3Slc/R4
Score10/10-
Snake Keylogger payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-