General
-
Target
122299dbd449798d5504153e36fff8916b5b9bf2895384d2105f67bd040a7eef
-
Size
25KB
-
Sample
230807-qhv5qagf8y
-
MD5
443e65dba3478a9d5c182821daedbb24
-
SHA1
293ca9c32b1dffbe0b7942cd32060bc51f5dab85
-
SHA256
122299dbd449798d5504153e36fff8916b5b9bf2895384d2105f67bd040a7eef
-
SHA512
8f627065a11d7c1bced0c420908f0e7bd9c89ab9651527dde5c03831f4c2af075d0fc0291370b18eef1e3a6fb406f8b83c87a53a20fa8741fa3f57e3508eea39
-
SSDEEP
384:NxHFkRaejqyS7F6BCHZrEc9eNQ/ffLxhw2vWS2bRFAUjXhKWxwlJpq61Xabs2FGd:3YPwFjHZrXsGzxh1WNuKRZk72FGd
Static task
static1
Behavioral task
behavioral1
Sample
122299dbd449798d5504153e36fff8916b5b9bf2895384d2105f67bd040a7eef.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
122299dbd449798d5504153e36fff8916b5b9bf2895384d2105f67bd040a7eef.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.opalilaclama.com.tr - Port:
465 - Username:
[email protected] - Password:
Zekeriya@35711 - Email To:
[email protected]
https://api.telegram.org/bot6248516913:AAGz2X7ZTTfP93otYJpsEGv_HscIKLPpAYY/sendMessage?chat_id=1467583453
Targets
-
-
Target
122299dbd449798d5504153e36fff8916b5b9bf2895384d2105f67bd040a7eef
-
Size
25KB
-
MD5
443e65dba3478a9d5c182821daedbb24
-
SHA1
293ca9c32b1dffbe0b7942cd32060bc51f5dab85
-
SHA256
122299dbd449798d5504153e36fff8916b5b9bf2895384d2105f67bd040a7eef
-
SHA512
8f627065a11d7c1bced0c420908f0e7bd9c89ab9651527dde5c03831f4c2af075d0fc0291370b18eef1e3a6fb406f8b83c87a53a20fa8741fa3f57e3508eea39
-
SSDEEP
384:NxHFkRaejqyS7F6BCHZrEc9eNQ/ffLxhw2vWS2bRFAUjXhKWxwlJpq61Xabs2FGd:3YPwFjHZrXsGzxh1WNuKRZk72FGd
Score10/10-
Snake Keylogger payload
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-