General

Target: Icsmcwcw.exe
Size: 22KB
Sample: 230929-kpwryagh2t
MD5: 3c68b70b369230bfc695f391be176da9
SHA1: 46c464f0d1cffeadcdd93c6c86c288860089c78a
SHA256: cad1feb442eba9bbe034cadb76a076607f5ebc98c499255c2971e743c40d681e
SHA512: 5bf26ecaadd2831f798ffaa899508f9621b261959540656c93e5b0d51af74e566157fc9f5fa3e9be4f5a24cb701c690bc8b2e72291f412399bd1710a240d0efc
SSDEEP: 384:MUTTskJkdw5HKWNPnbn+b/AeH9F9wGjEnAtNCSGFqU9:/5EwYqPbn+rLXiiEnuCLFqU9
Static task: static1

Behavioral task: behavioral1
Sample: Icsmcwcw.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Icsmcwcw.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted
Family: snakekeylogger
Telegram Bot API URL (exfiltration): https://api.telegram.org/bot6563963046:AAGlyBHZ_ALQCHnOUZcYa0FHqP2za43gVaM/sendMessage?chat_id=5262627523

The bot token (the path segment after /bot) and the chat_id identify the operator's Telegram bot and destination chat. Both are high-confidence indicators for this sample; the token is an operator credential and should be handled as one rather than queried casually from production networks.
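An added example, not part of the sandbox report: the extracted Telegram URL parsed into its hunting-relevant parts (bot id, full token, API method, chat_id) and used to classify web-proxy log lines. The proxy log lines and the second bot token are constructed for illustration; only the first URL is the one the report extracted.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The URL exactly as the sandbox extracted it from this sample (see Malware Config above).
EXTRACTED_TELEGRAM_URL = (
    "https://api.telegram.org/bot6563963046:AAGlyBHZ_ALQCHnOUZcYa0FHqP2za43gVaM"
    "/sendMessage?chat_id=5262627523"
)

# Telegram Bot API paths have the shape /bot<bot_id>:<secret>/<method>.
_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)


def parse_telegram_bot_url(url: str) -> dict:
    """Split an extracted Telegram Bot API URL into hunting-relevant fields.

    Raises ValueError for anything that is not an https URL to api.telegram.org
    with a /bot<token>/<method> path, so a mis-extracted config fails loudly.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc.lower() != "api.telegram.org":
        raise ValueError("not a Telegram Bot API URL: %r" % url)
    m = _BOT_PATH.match(parts.path)
    if m is None:
        raise ValueError("path is not /bot<token>/<method>: %r" % parts.path)
    query = parse_qs(parts.query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


def hunt_proxy_logs(lines, ioc):
    """Classify proxy log lines against the extracted IOC.

    'exact-token'  -> traffic carrying this sample's bot token
    'telegram-bot' -> any Bot API sendMessage call (another build of the same
                      family, or a different Telegram-based stealer)
    Lines that never touch api.telegram.org are ignored.
    """
    hits = []
    for line in lines:
        if "api.telegram.org" not in line:
            continue
        if ioc["token"] in line:
            hits.append(("exact-token", line))
        elif "/bot" in line and "/sendMessage" in line:
            hits.append(("telegram-bot", line))
    return hits


# Constructed proxy log lines (not from the sandbox run); the second token is made up.
SAMPLE_PROXY_LOG = [
    "2023-09-29T10:14:02Z 10.0.0.25 GET https://api.telegram.org/bot6563963046:"
    "AAGlyBHZ_ALQCHnOUZcYa0FHqP2za43gVaM/sendMessage?chat_id=5262627523 200",
    "2023-09-29T10:15:40Z 10.0.0.31 GET https://api.telegram.org/bot1234567890:"
    "AAFakeTokenForIllustrationOnly0000/sendMessage?chat_id=1 200",
    "2023-09-29T10:16:01Z 10.0.0.25 GET https://www.microsoft.com/ 200",
]

if __name__ == "__main__":
    ioc = parse_telegram_bot_url(EXTRACTED_TELEGRAM_URL)
    print(ioc)
    for label, line in hunt_proxy_logs(SAMPLE_PROXY_LOG, ioc):
        print(label, line)
```

The token lives in the URL path, so this only works on logs from a proxy that terminates TLS; without inspection you see nothing but DNS and SNI for api.telegram.org, which is noisy wherever Telegram is legitimately used. The 'telegram-bot' tier exists for that reason: hunting on the exact token finds this sample, hunting on any sendMessage call finds the family's other builds.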
Targets

Target: Icsmcwcw.exe
Size: 22KB (hashes identical to the General section above)
Signatures
- Snake Keylogger payload: the sample matches the Snake Keylogger family, consistent with the extracted config above.
- Accesses Microsoft Outlook profiles: reads Outlook profile data from the registry, consistent with this family's theft of stored mail-client credentials.
- Adds Run key to start application: persistence through a CurrentVersion\Run registry value.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: an API call commonly seen in process hollowing (writing a payload into a suspended process and redirecting its main thread); the report flags the call only and does not name the target process.
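An added example, not the sandbox's own signature logic: the behaviors listed above turned into checks over host telemetry. The events are constructed in the field shapes of Sysmon (13 registry value set, 22 DNS query, 10 process access) and Windows Security 4663 (registry access, which needs a SACL on the key because Sysmon does not log reads). Sysmon does not log SetThreadContext either, so the injection check uses a process handle opened with VM_WRITE and VM_OPERATION rights as a proxy. The file paths, the RegAsm.exe target, and the list of IP-lookup domains are assumptions, not facts from the report.

```python
# Constructed telemetry; the paths and the injection target are assumptions.
MALWARE = r"C:\Users\victim\AppData\Local\Temp\Icsmcwcw.exe"

SAMPLE_EVENTS = [
    # Sysmon 13: registry value set under a Run key (persistence)
    {"Channel": "Sysmon", "EventID": 13, "Image": MALWARE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Icsmcwcw",
     "Details": r"C:\Users\victim\AppData\Roaming\Icsmcwcw.exe"},
    # Security 4663: read access to the Outlook profile key (needs a SACL on the key)
    {"Channel": "Security", "EventID": 4663, "ProcessName": MALWARE,
     "ObjectName": r"\REGISTRY\USER\S-1-5-21-1\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
     "Accesses": "Query key value"},
    # Sysmon 22: DNS query for an external-IP lookup service
    {"Channel": "Sysmon", "EventID": 22, "Image": MALWARE, "QueryName": "checkip.dyndns.org"},
    # Sysmon 10: handle to another process with full rights (injection precursor)
    {"Channel": "Sysmon", "EventID": 10, "SourceImage": MALWARE,
     "TargetImage": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "GrantedAccess": "0x1FFFFF"},
    # Benign noise that the checks must not flag
    {"Channel": "Sysmon", "EventID": 13, "Image": r"C:\Program Files\Vendor\Updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Vendor\Updater\LastRun", "Details": "1"},
    {"Channel": "Security", "EventID": 4663,
     "ProcessName": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "ObjectName": r"\REGISTRY\USER\S-1-5-21-1\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
     "Accesses": "Query key value"},
    {"Channel": "Sysmon", "EventID": 22, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "www.mozilla.org"},
]

# Assumed list of public IP-lookup services; extend to match your environment.
IP_LOOKUP_DOMAINS = {
    "checkip.dyndns.org", "api.ipify.org", "ip-api.com",
    "icanhazip.com", "ifconfig.me", "ipinfo.io",
}

PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020


def _has_rights(granted_hex: str, mask: int) -> bool:
    """True when every bit in mask is present in a Sysmon GrantedAccess value."""
    return int(granted_hex, 16) & mask == mask


def classify(ev):
    """Return (process image, signature name) for an event, or None."""
    eid = ev["EventID"]
    if eid == 13 and "\\currentversion\\run\\" in ev["TargetObject"].lower():
        return ev["Image"], "Adds Run key to start application"
    if eid == 4663 and "\\outlook\\profiles" in ev["ObjectName"].lower():
        # Outlook itself reading its own profiles is expected.
        if ev["ProcessName"].lower().endswith("\\outlook.exe"):
            return None
        return ev["ProcessName"], "Accesses Microsoft Outlook profiles"
    if eid == 22 and ev["QueryName"].lower() in IP_LOOKUP_DOMAINS:
        return ev["Image"], "Looks up external IP address via web service"
    if eid == 10 and _has_rights(ev["GrantedAccess"], PROCESS_VM_WRITE | PROCESS_VM_OPERATION):
        return ev["SourceImage"], "Opens another process with VM_WRITE|VM_OPERATION"
    return None


def triage(events):
    """Group matched signatures by process image: {image: [sorted signature names]}."""
    findings = {}
    for ev in events:
        hit = classify(ev)
        if hit is not None:
            image, sig = hit
            findings.setdefault(image, set()).add(sig)
    return {image: sorted(sigs) for image, sigs in findings.items()}


if __name__ == "__main__":
    for image, sigs in triage(SAMPLE_EVENTS).items():
        print(image)
        for sig in sigs:
            print("  -", sig)
```

Each check on its own is weak (plenty of software writes Run keys or asks for its external IP); the value is in the stacking, which is why `triage` groups by image so that one process accumulating several of these behaviors stands out the way it does in the sandbox report.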