General
- Target: Tudehluxjc.exe
- Size: 664KB
- Sample: 230807-qjkelsgf9w
- MD5: 4c04bbc78a794f659d4dd83e95c3d522
- SHA1: 3368899d115079599f67da061d2bb980913ce042
- SHA256: 17aef7f33ee1725a500067cf27953fbaaf7ae489c2cf974a0d5a676e454750eb
- SHA512: 758fdfcbc12467908ed7b2f3de6f38864a138fd9e42a0f8a31265f17e1d84df7bd1dcd5ee4f2ab7743b9a06c78290f9cc1c179af5a127f4195da619325ece14f
- SSDEEP: 12288:rg3dNu3HCZv9Z228k9mp3ZFm2CrFpYqjrUVRajl6l2GRwLfQ9g:rg3dNuMv9Z22f9mpu2YzjrARajl6Rn
Static task: static1
Behavioral task: behavioral1
- Sample: Tudehluxjc.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: Tudehluxjc.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: snakekeylogger
- https://api.telegram.org/bot6312134911:AAEpy-chTluU2BKpH7SOV4jFqoRrZrAO-mQ/sendMessage?chat_id=6373691592
Targets
- Target: Tudehluxjc.exe
- Size: 664KB
- Score: 10/10
- Snake Keylogger payload
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext