General
- Target: 092e78899a2d91e9aa768c1078e12016076a1384f9499f8dff5ec7471580794b
- Size: 532KB
- Sample: 231005-ec1x8sge6t
- MD5: 44e0029af67e9d44f869cbaf2cafc051
- SHA1: 2b7aaf9644a4bc485488b66a11483161519f1491
- SHA256: 092e78899a2d91e9aa768c1078e12016076a1384f9499f8dff5ec7471580794b
- SHA512: b1fead7b6a793cb6d725f9f99d2aba6cafefe8557d7de75cf03e7122456c3f6b326307ab7fc1331b6f331a0446d53d41156130ad0522e7a670493325800eba33
- SSDEEP: 12288:eZwjRZbqXCxT1AamV3FHmXXGPq880KpD+BmcIAFc3y5pN:eZwTOC6aK3tGXsCCAwFc3UpN
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Inquiry Parts 2023-10.scr
  - Resource: win7-20230831-en

Behavioral task
- behavioral2
  - Sample: Inquiry Parts 2023-10.scr
  - Resource: win10v2004-20230915-en

Behavioral task
- behavioral3
  - Sample: RFQ-1199211.exe
  - Resource: win7-20230831-en

Behavioral task
- behavioral4
  - Sample: RFQ-1199211.exe
  - Resource: win10v2004-20230915-en
Malware Config
Extracted
- snakekeylogger
- https://api.telegram.org/bot6037842610:AAGtFhP2ARfeZprQQ-fc4jocpQJfZYmE3Vo/sendMessage?chat_id=5086753017
Targets

Target: Inquiry Parts 2023-10.scr
- Size: 769KB
- MD5: 5effabc97480cc8fb3cfa6833d20e5ef
- SHA1: 168c4247f596a89f73b081b20e214a74feed0109
- SHA256: 18984ef29316e8b0ca4423e4f17418b23ec54e91bb7809ea5f840d03b618d987
- SHA512: fa77e8e1e805a98e46773b3a2b2301bff80134bfb764d8cc4b1b1563ec3ab964a82ae519582288c5f9e556d0964ae9c1c8c50c5d564be6581dc5091f757eb6bd
- SSDEEP: 12288:CRvAblxM/xBzcFyHcJNdWfpuL19aoI+39k68:CRYbnM/Xzc3Nmpaz++h8
- Score: 10/10
- Snake Keylogger payload
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: RFQ-1199211.exe
- Size: 768KB
- MD5: 21724c44495555e825f87cfc2b119bcf
- SHA1: ea70f6fbebbb74a5c5b5b204136877b441f72da0
- SHA256: 8f86f0d30b96a4ffaf93e9726caefeaece8d3298534422fb5c5337ad8620ee59
- SHA512: 009c7fce795a64657244a7b581d58ed161360f29e4c8bdd5a5d6d395604d611f15504cefdb0944372aa0bb9f3a0d134bd4d869877c1e0c5d70efd2074a7a5d9a
- SSDEEP: 12288:fkXrDAYOu6LykBv6iWCj6SUptA8ghXDyQZE6+n889c4NcaiTWOo:fkfAQdkBj6S+GXmJGUcailo
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext