General
-
Target
9d2b93c207ed97cc7b272da9a8d388077d97dc389e2c0e9645e917aa5f0619a8
-
Size
577KB
-
Sample
230808-pjdrdscd72
-
MD5
87e8c813255d7a8768b98765cdcfed67
-
SHA1
1613953ba8a07e11e89ed77c28afe58d872891bb
-
SHA256
9d2b93c207ed97cc7b272da9a8d388077d97dc389e2c0e9645e917aa5f0619a8
-
SHA512
0b415ca68d1f44ca9c45102e7141e117ad9dbb1eda3cc21c75eec9b33897d21ee2ddd3d0e66b0b23eff1a6aabadd3d56bee64939b65170e942e5498cb77c744e
-
SSDEEP
12288:25LbzIu9+r9GJ+iyhAGkFuT/r2GGjerRWvEF8xLCnysHu:25LA9IvGTqY/XueosF8xoy9
Static task
static1
Behavioral task
behavioral1
Sample
9d2b93c207ed97cc7b272da9a8d388077d97dc389e2c0e9645e917aa5f0619a8.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
9d2b93c207ed97cc7b272da9a8d388077d97dc389e2c0e9645e917aa5f0619a8.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5830566856:AAGWFy9uABhntGSW37Ll1sdhis_3Sq_arBM/sendMessage?chat_id=1467583453
Targets
-
-
Target
9d2b93c207ed97cc7b272da9a8d388077d97dc389e2c0e9645e917aa5f0619a8
-
Size
577KB
-
MD5
87e8c813255d7a8768b98765cdcfed67
-
SHA1
1613953ba8a07e11e89ed77c28afe58d872891bb
-
SHA256
9d2b93c207ed97cc7b272da9a8d388077d97dc389e2c0e9645e917aa5f0619a8
-
SHA512
0b415ca68d1f44ca9c45102e7141e117ad9dbb1eda3cc21c75eec9b33897d21ee2ddd3d0e66b0b23eff1a6aabadd3d56bee64939b65170e942e5498cb77c744e
-
SSDEEP
12288:25LbzIu9+r9GJ+iyhAGkFuT/r2GGjerRWvEF8xLCnysHu:25LA9IvGTqY/XueosF8xoy9
Score10/10-
Snake Keylogger payload
-
StormKitty payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-