General
Target: 7c1edf4b0c59f5ea102acc6b8f4fa5e7cfe746fb0fb57dae879d1568ac135238
Size: 182KB
Sample: 231002-j8cbzaaa65
MD5: 7044aa3c8fdbc84888d292e41ee0f4da
SHA1: e9185a7ce468307aa3a4328efc115e304c1e5bb2
SHA256: 7c1edf4b0c59f5ea102acc6b8f4fa5e7cfe746fb0fb57dae879d1568ac135238
SHA512: e22e5e26e1caad6f542c0778a724f3561ac6dbc05d3354c2aaecbf98770843df3a317c7ed89f2015cb7723771e835bb9584f339ba212a8ccfa5ba1c779efc5f7
SSDEEP: 3072:OE1Qx3Q0WC2d5uukXbmSrVeFnlAP8DL4ls9ZIHbmJXuNoDGqIFndCzR:OPweuCb72tMGIHbC9cdk9
Static task: static1
Behavioral task: behavioral1
Sample: Webxinfy.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: Webxinfy.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: snakekeylogger
Exfiltration endpoint (Telegram Bot API, token and chat_id embedded in the URL): https://api.telegram.org/bot6495173086:AAHM8NMu-uOSJHZaHij-umtWDUwi5-hOLog/sendMessage?chat_id=5262627523
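The extracted configuration above is the most actionable indicator in this report: a Telegram Bot API URL carries the bot token (`<bot_id>:<secret>`) in its path and, here, the operator's chat_id in the query string. The following Python is an added example for this page, not part of the sandbox output or of the Snake Keylogger sample: it parses such a URL into its components and runs the same parser over web-proxy log lines, so it surfaces any Bot API token seen leaving the network, not only the one above. The log format (timestamp, client IP, method, URL, status, bytes) and all log lines are constructed for the demo; the second sample line replays the report's URL, the fourth uses a made-up token that does not belong to any real bot.

```python
"""Hunt for Telegram Bot API exfiltration of the kind this report extracted.

Added example, not part of the sandbox report. It splits a Telegram Bot API
URL into bot_id, token, method and chat_id, then runs that parser over web
proxy log lines so any bot token, not just the one above, is surfaced.
The proxy log format below is a constructed, simplified one
(timestamp client_ip method url status bytes); adapt the split to your proxy.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Exfiltration URL exactly as extracted by the sandbox (from the report above).
EXTRACTED_C2 = (
    "https://api.telegram.org/bot6495173086:AAHM8NMu-uOSJHZaHij-umtWDUwi5-hOLog"
    "/sendMessage?chat_id=5262627523"
)

# Bot API method calls look like /bot<bot_id>:<secret>/<method>.
# File downloads live under /file/bot<token>/... and are deliberately not
# matched here; add a second pattern if you also want those.
BOT_API_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)/?$"
)


def parse_telegram_bot_url(url):
    """Return dict(bot_id, token, method, chat_id) for a Bot API URL, else None.

    chat_id is only recoverable when it travels in the query string; a client
    that POSTs it in the request body shows up with chat_id=None, so the
    token is the field to block on and report to Telegram.
    """
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_API_PATH.match(parts.path)
    if not m:
        return None
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": parse_qs(parts.query).get("chat_id", [None])[0],
    }


# Constructed proxy log lines. Line 2 replays the report's extracted URL;
# line 4 uses a made-up token (not a real bot) with chat_id sent in the
# POST body rather than the URL, so only the token is recoverable.
SAMPLE_PROXY_LOG = [
    "2023-10-02T14:03:11Z 10.0.0.25 GET https://www.microsoft.com/en-us/ 200 51234",
    "2023-10-02T14:03:15Z 10.0.0.25 GET https://api.telegram.org/bot6495173086:"
    "AAHM8NMu-uOSJHZaHij-umtWDUwi5-hOLog/sendMessage?chat_id=5262627523 200 312",
    "2023-10-02T14:03:20Z 10.0.0.31 GET https://telegram.org/ 200 8090",
    "2023-10-02T14:04:02Z 10.0.0.25 POST https://api.telegram.org/bot1234567890:"
    "FAKEtokenFAKEtokenFAKEtokenFAKEtok/sendDocument 200 4096",
    "malformed line without enough fields",
]


def scan_proxy_log(lines):
    """Return one hit per Bot API request: client IP plus the parsed URL fields."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 6:
            continue  # not our constructed format; skip rather than crash
        ts, client_ip, _http_method, url = fields[:4]
        parsed = parse_telegram_bot_url(url)
        if parsed:
            hits.append({"time": ts, "client_ip": client_ip, **parsed})
    return hits


if __name__ == "__main__":
    print("Extracted config:", parse_telegram_bot_url(EXTRACTED_C2))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['time']} {hit['client_ip']} -> bot {hit['bot_id']} "
              f"method={hit['method']} chat_id={hit['chat_id']}")
```

Treat any hit whose token is not one your organisation operates as exfiltration until shown otherwise; Telegram traffic is legitimate in some environments, so match on the token rather than blocking the domain outright unless you know nobody uses it. Note that the `telegram.org` web host is ignored and that a bot that sends `chat_id` in the POST body yields `chat_id=None`, which is why the token, not the chat_id, is the indicator to pivot on.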
Targets
Target: Webxinfy.exe
Size: 424KB
MD5: aef95313f585ac4fcf3fd9b6c489b286
SHA1: d0d887a33c18e6b70f4e37fbc0e1a384b33b476c
SHA256: b3dba4262136858ea1c87d1aca82830267af72efb7f509faa21dddcec066bc89
SHA512: 97586a81524469fdb2d49778006a7b6d42b14a871e9b346572551374692fe55ce16337240aacbacb90ea3dca0dd993e96a4303be5f037cb72df00d97f2b93704
SSDEEP: 6144:gVBZhKsN6+zRDQSsFv9CK5uj2rUHBwK67AfsOgy2tCeYYHrMEzvwe/vy3VXB1:gFhTOllCKsj2njAfsOgtzvZWV7
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles (stored mail-client credentials are a common theft target)
- Adds Run key to start application (registry Run key for persistence at user logon)
- Creates a large amount of network flows. This may indicate a network scan to discover remotely running services.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (commonly seen in process hollowing and other code-injection techniques)