General
-
Target
85769aadc4608e599612aeea1554436f1a3f0c2c4cf88c7a597b690061aeed6cexe_JC.exe
-
Size
826KB
-
Sample
230806-ntvxzshg88
-
MD5
f19d85c4e2ff2da0acad772d2c9fc3fd
-
SHA1
8ac325b48b211c0521a411d786ee2bfc0c8c3886
-
SHA256
85769aadc4608e599612aeea1554436f1a3f0c2c4cf88c7a597b690061aeed6c
-
SHA512
769e9afaeea926ba2c421f1fbbefda1435e02018d6da8371ef8446f6d2b4cf48448a36ab76c4ddebcd02c80a2ed8b23e8c74c678b0bea53e55abedc9c40494cf
-
SSDEEP
12288:rEKaJvqAye0xf76gbWs3Y9rJTuY0/gVCrpdnCNKiq5E+8:CqtxRbXY99uY6goC0+
Static task
static1
Behavioral task
behavioral1
Sample
85769aadc4608e599612aeea1554436f1a3f0c2c4cf88c7a597b690061aeed6cexe_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
85769aadc4608e599612aeea1554436f1a3f0c2c4cf88c7a597b690061aeed6cexe_JC.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6686619258:AAGtzpvFWTOm8FcEhveRVJyG4SlPLoGP3xc/sendMessage?chat_id=6465958501
Targets
-
-
Target
85769aadc4608e599612aeea1554436f1a3f0c2c4cf88c7a597b690061aeed6cexe_JC.exe
-
Size
826KB
-
MD5
f19d85c4e2ff2da0acad772d2c9fc3fd
-
SHA1
8ac325b48b211c0521a411d786ee2bfc0c8c3886
-
SHA256
85769aadc4608e599612aeea1554436f1a3f0c2c4cf88c7a597b690061aeed6c
-
SHA512
769e9afaeea926ba2c421f1fbbefda1435e02018d6da8371ef8446f6d2b4cf48448a36ab76c4ddebcd02c80a2ed8b23e8c74c678b0bea53e55abedc9c40494cf
-
SSDEEP
12288:rEKaJvqAye0xf76gbWs3Y9rJTuY0/gVCrpdnCNKiq5E+8:CqtxRbXY99uY6goC0+
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-