General

Target: Refbkefruvt.exe
Size: 587KB
Sample: 230803-hvx6vabh27
MD5: a58ba28556b22b42763f7e250fb0a4ee
SHA1: 1736c40a3405568ea7eb99626fc6787225081eac
SHA256: 0ebd3bc3035a85c16d9856235d470598e247755fb4b3744c32ac6bab6c4d311f
SHA512: e2061c4c2ab471f4f6d7c9af420cb821f28b640f3c8b0a20fa7d994e36c0a1996922f84cc471e26518eeba3bbe059cb861371afb5c612327be9a9706f7f0abf0
SSDEEP: 6144:hWsTS0AV13ha4LtgdA8ICUNV9xIm683GcS+/ccP+zwrC3vGIETPm3zBzPH:k3ltga2UNKsFSJcPu

Static task: static1
Behavioral task: behavioral1 (Sample: Refbkefruvt.exe, Resource: win7-20230712-en)
Behavioral task: behavioral2 (Sample: Refbkefruvt.exe, Resource: win10v2004-20230703-en)
Malware Config

Extracted
Family: snakekeylogger
C2: https://api.telegram.org/bot6131487156:AAFzpoRUv23HSoE57FgrwPQiVuiha1F8Pcs/sendMessage?chat_id=6373691592

The extracted C2 is a Telegram Bot API sendMessage endpoint. The bot token (the bot<id>:<secret> path segment) and the destination chat_id are both embedded in the URL, so the stolen data leaves the host as ordinary HTTPS requests to api.telegram.org rather than to attacker-owned infrastructure. The numeric bot id (6131487156) and chat_id (6373691592) are the durable indicators; the secret part of the token can be rotated by the operator.
Targets

Target: Refbkefruvt.exe
Size: 587KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10

Signatures
- Snake Keylogger payload
- Adds Run key to start application (persistence through a Run registry key; the report does not give the key name or value)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP (the service itself is not named in the report)
- Suspicious use of SetThreadContext (the API is typically used to redirect a suspended thread into injected code; the report does not identify the target process)
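The following is an added triage example, not part of the sandbox report or of the malware. It takes the Telegram C2 URL from the Malware Config section apart into its indicators (bot id, token, API method, chat_id) and then runs a detection over a constructed proxy log for the two network behaviours the signatures list: a call to an IP lookup service and an exfiltration request to the Telegram Bot API. The proxy log format, the client addresses and the IP-lookup host list are constructed for the demonstration; the report does not name the lookup service the sample used.

```python
"""Triage helpers for the extracted Snake Keylogger Telegram config.

Added example; this is not part of the sandbox report or of the malware.
The C2 URL is the one the report extracted. The proxy log and the IP-lookup
host list are constructed for the demonstration.
"""
import re
from urllib.parse import parse_qs, urlsplit

# From the report's "Malware Config" section.
EXTRACTED_C2 = (
    "https://api.telegram.org/bot6131487156:AAFzpoRUv23HSoE57FgrwPQiVuiha1F8Pcs"
    "/sendMessage?chat_id=6373691592"
)

# Telegram Bot API calls have the form /bot<bot_id>:<secret>/<method>.
# bot_id is the bot's numeric account id and survives a token revocation,
# so it is a longer-lived pivot than the full token.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$"
)

# Placeholder hosts standing in for "a legitimate IP lookup service"
# (constructed; the report does not name the real one).
IP_LOOKUP_HOSTS = {"checkip.example", "ipinfo.example"}


def parse_telegram_c2(url):
    """Return bot_id, full token, API method and chat_id from a Telegram
    Bot API URL, or None if the URL is not a Telegram Bot API call."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc.lower() != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": chat_id,
    }


# Constructed proxy log: "<timestamp> <client ip> <verb> <url> <status>".
PROXY_LOG = """\
2023-08-03T08:10:01Z 10.0.0.15 GET https://checkip.example/ 200
2023-08-03T08:10:02Z 10.0.0.15 POST https://api.telegram.org/bot6131487156:AAFzpoRUv23HSoE57FgrwPQiVuiha1F8Pcs/sendMessage?chat_id=6373691592 200
2023-08-03T08:10:05Z 10.0.0.22 GET https://www.example.org/index.html 200
2023-08-03T08:11:40Z 10.0.0.31 POST https://api.telegram.org/bot1111:zzz/sendDocument 200
"""


def scan_proxy_log(log_text, known_bot_id=None):
    """Flag the two network behaviours the report lists.

    Returns (timestamp, client, tag, detail) tuples, where tag is
    "snake_c2" for traffic to the known bot, "telegram_bot_api" for any
    other Telegram Bot API call, or "ip_lookup" for an IP lookup service.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, _verb, url, _status = fields[:5]
        c2 = parse_telegram_c2(url)
        if c2:
            tag = "snake_c2" if c2["bot_id"] == known_bot_id else "telegram_bot_api"
            hits.append((ts, client, tag, c2["bot_id"]))
            continue
        host = urlsplit(url).netloc.lower()
        if host in IP_LOOKUP_HOSTS:
            hits.append((ts, client, "ip_lookup", host))
    return hits


if __name__ == "__main__":
    ioc = parse_telegram_c2(EXTRACTED_C2)
    print("bot_id:", ioc["bot_id"], "chat_id:", ioc["chat_id"])
    for hit in scan_proxy_log(PROXY_LOG, known_bot_id=ioc["bot_id"]):
        print(*hit)
```

In the constructed log the same client (10.0.0.15) performs the IP lookup and then posts to the known bot within a second, which is the sequence the report's signatures describe; any Telegram Bot API call from a host that should not be running a bot is worth a look on its own, and pivoting on the numeric bot id rather than the full token keeps the detection alive if the operator regenerates the secret.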