General
Target: Ayuaey.exe
Size: 661KB
Sample: 230807-qktdxagg2x
MD5: 88558239003de10b2342502825ed5d8f
SHA1: 9f41c6501d79aa62d74d503497fd9d4d8fdbc320
SHA256: 2d397c3b96952610182b2f157200c188b1f816689dda18ab175b813108acce13
SHA512: b4cad296cd4cc8788b75b6785b3b0644fdcc3f73300dd6e63e26504e14a05c6e31acc512fb75399038ac3ab1fd033d873483be3604275b17dbac704563925d9a
SSDEEP: 12288:GpSFXvfq9PrHrTUA2IAWSMgJvjl6l2GRwLfQ9:CSFXvfqt3AbXRjl6Rn
Static task: static1
Behavioral task: behavioral1
  Sample: Ayuaey.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: Ayuaey.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: snakekeylogger
URL: https://api.telegram.org/bot6312134911:AAEpy-chTluU2BKpH7SOV4jFqoRrZrAO-mQ/sendMessage?chat_id=6373691592
Targets
Target: Ayuaey.exe
- Snake Keylogger payload
- Adds Run key to start application
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext