General
Target: SecuriteInfo.com.Win32.PWSX-gen.31800.1336.exe
Size: 562KB
Sample: 230927-gek1xahe82
MD5: a6e27476fcf3b370cb3a39eed9711232
SHA1: 6d7248bb673f781a5d93982613c25555f39d7500
SHA256: 37126cf9380ef51cfd3edd6718f68995776eb13df819ebae3d1ac974148ec3cb
SHA512: 9a5306dcbeedf1a06aa97bf4d33a061c0af0169b28cfba14f024cc22ce358624631652cf5d8fa8a76f41ff064d1983a5b795ffc53efaf816c1a12faab01eaade
SSDEEP: 12288:9u1h+Uw1MMMDMMMACUE1o0WA8jyFVIUfTBOT7d73m:IgMMMDMMMAChWyFZfTgd73m
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.31800.1336.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.PWSX-gen.31800.1336.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6493157304:AAGHAAmVG_ud-GzRlE5SfjpNm92V1vbaysI/sendMessage?chat_id=6518133154
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.31800.1336.exe (562KB; hashes as listed under General)
Score: 10/10
- Snake Keylogger payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext