General
Target: 06102023_1242_231005-001-ba.xz
Size: 4KB
Sample: 231006-fbqxbaha6z
MD5: 7bd1e276bf9c20df5bf65c2461d239a1
SHA1: 0a19b3d296adaa7561061867aea45f5265ee47c0
SHA256: 5181d81838b5503e1153124ffe91b450957561db1215c38ae3fbc19a44cb666b
SHA512: 9c3648688fedf7f947a0f7fa8498eae0265d020db2bffcc260ab5724773ad5c34127202cd395a9bd74ba6b6817e2b9cd975c2b71ec4264b7aa6c43e20cc67230
SSDEEP: 96:Wt1cQUAEk3fWgNJoeS3t2vk0z5Q/RVIFzIKwoSUm:6cQLfhfErzCzIKwoTm
Static task
static1

Behavioral task
behavioral1
Sample: 231005-001-ba.exe
Resource: win7-20230831-en

Behavioral task
behavioral2
Sample: 231005-001-ba.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: snakekeylogger
C2: https://api.telegram.org/bot6350529534:AAEbFW9VBWTKQfN1Y3K_5RJARCtOn1UqK8o/sendMessage?chat_id=1467583453
Targets
Target: 231005-001-ba.exe
Size: 17KB
MD5: de27680c97817a80d129bd4296b07aad
SHA1: 0a65535b0999203e92a09558e4788fa35ce1356f
SHA256: b0cd061d54e8b33318b34ae93ae6daeb5658e5c7a1af209b48ead04bff0137b7
SHA512: 10f2f820b9375452618a9bb6190baef1537203b35ce5ed4c358b7f5b00a9214e15359e200e476368eafa12319728fb0b1233865062d7d804bc41cbd4e1f90748
SSDEEP: 192:P2aJAwmOk+4YlpUiCI/BpFNPNZJ9afe3tkBV4:PVXuQUiCI5HNPNZJ9afedAV

Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
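The extracted config above is a Telegram Bot API sendMessage URL, which is how this Snake Keylogger build exfiltrates stolen data. The bot token embedded in the path (the bot<id>:<secret> segment) is a live credential for the attacker's bot, and the chat_id query parameter is the destination chat, so these two values are the pivot points for blocking, hunting and reporting. The following is an added example, not part of the sandbox report and not Snake Keylogger's own code: it pulls those indicators out of a C2 string and out of a constructed list of strings (as you would get from a memory dump or a strings run over the unpacked sample), de-duplicates them, and produces a redacted token safe to put in a ticket. The regex, the field names (bot_id, token, chat_id, method) and the sample string list are this example's own assumptions.

```python
import re

# Shape of a Telegram Bot API call: https://api.telegram.org/bot<bot_id>:<secret>/<method>?...
# The <bot_id>:<secret> pair is the bot token; Telegram bot secrets are 35 characters, so
# the lower bound of 30 tolerates minor truncation without matching random path segments.
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})"
    r"/(?P<method>[A-Za-z]+)(?:\?(?P<query>[^\s\"'<>]*))?"
)

# The C2 value from the report above.
SAMPLE_C2 = ("https://api.telegram.org/bot6350529534:AAEbFW9VBWTKQfN1Y3K_5RJARCtOn1UqK8o"
             "/sendMessage?chat_id=1467583453")

# Constructed stand-in for strings recovered from the sample; not real dump output.
CONSTRUCTED_STRINGS = [
    "kernel32.dll",
    SAMPLE_C2,
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",  # persistence path, not a C2
    "https://example.com/bot123:notatoken/sendMessage",   # wrong host, must not match
    "padding " + SAMPLE_C2 + " trailing",                 # same URL embedded mid-string
]


def _indicator_from_match(m):
    """Build the indicator record for one regex match (field names are this example's own)."""
    query = m.group("query") or ""
    params = dict(kv.split("=", 1) for kv in query.split("&") if "=" in kv)
    return {
        "host": "api.telegram.org",
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": params.get("chat_id"),
    }


def parse_telegram_c2(url):
    """Return the indicator fields of a Telegram Bot API exfil URL, or None if the
    string does not contain one."""
    m = TELEGRAM_BOT_URL.search(url)
    return _indicator_from_match(m) if m else None


def extract_iocs(strings):
    """Scan an iterable of strings for Telegram bot URLs and return one record per
    distinct bot token, in first-seen order."""
    seen = {}
    for s in strings:
        for m in TELEGRAM_BOT_URL.finditer(s):
            rec = _indicator_from_match(m)
            seen.setdefault(rec["token"], rec)
    return list(seen.values())


def redact_token(token):
    """Mask the secret half of a bot token so the bot id stays searchable but the
    credential is not reproduced in reports."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}***"


if __name__ == "__main__":
    for ioc in extract_iocs(CONSTRUCTED_STRINGS):
        print(f"bot {ioc['bot_id']} -> chat {ioc['chat_id']} via {ioc['method']}; "
              f"token {redact_token(ioc['token'])}")
```

Do not resolve or call the extracted URL from an analysis host: api.telegram.org is a legitimate service shared with normal traffic, so the useful controls are the bot id and chat id (for reporting the bot and correlating other samples) rather than the hostname alone.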