General
Target: c1fee507973aa8aa127c988dd895771f9f0f130d21664fa6a07418e9cf3f1b05
Size: 182KB
Sample: 231006-ecyswaba34
MD5: c14250f7f8f09478e1a39681fd45787a
SHA1: 7e4b652d3d4ebf22dd5beff3a68df17c8ae5d6dd
SHA256: c1fee507973aa8aa127c988dd895771f9f0f130d21664fa6a07418e9cf3f1b05
SHA512: 74d971e8073a441ce07ad45947487d561212e49ecac835ff9c5b129a7fbf1a7cca49d304ca9e76d357903d69af8957af7c4f08ff7e12c442c06b8338f9d1fa8c
SSDEEP: 3072:xX4+dHrLOEylpFimPaewlRIshuNyOtpCU5p0hp70o0MSdLnPc091dXe7R93:xI2LLOEylpVxETS0hp70o0MSdLU091K
Static task: static1
Behavioral task: behavioral1
Sample: New PI Deatils Scan-111.scr
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: New PI Deatils Scan-111.scr
Resource: win10v2004-20230915-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6671294732:AAET3tNjnvtkP5V6BBk7bVJCu21NfW6qI20/sendMessage?chat_id=6488147836
Targets
Target: New PI Deatils Scan-111.scr
Size: 498KB
MD5: 2ad7546a23479cc71ad1b00920dff1d8
SHA1: 9a6178148dbad72d7bcfe77115eef892ffbe81bc
SHA256: bb8869536a6b51c4676ad0411feac43b2ce06b4e342eed1a03e6927bab7b3662
SHA512: dc9e3a1da85a01506fb108fe0fb7359cd964af6d869ad6453d393744bb2701bb123f46e3e4cf841af4f71a1f1caff3d371b7c42dacf862317d1d74be086edc1a
SSDEEP: 6144:dMClk8bGR3wT6MWgbqzjI/anW/uuf7ItbczYQCgp/qkQ9ygRYQKssqfHaWkeX/d6:JJbGyWM3bqI/anW/uuTYwCdsqfHaW2
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext