General
- Target: f01d6fe1962c9039b5f41e60df3e1aac339d796b8d660e4c67da5d84d0798496
- Size: 179KB
- Sample: 231006-ffbcesbc42
- MD5: 6ea8dec20a1a4c3816b5b4376fe586d7
- SHA1: 6df9f9198b24abf7e58d90585d2e57a17364e8f8
- SHA256: f01d6fe1962c9039b5f41e60df3e1aac339d796b8d660e4c67da5d84d0798496
- SHA512: 4583e258a912cf208c6a13516af7f0a8f95dd24b7948a5ce66f4f48b6405982a92e9e637e223e8db646ed9d9335d3d710f791cb475db472cfed1180bd87ee8e7
- SSDEEP: 3072:R31vXwzbp+EBt+F/T2JnwgYkBP/6/g2IJkUc1kzrLmqTm1nxThMR/a9iQknv/B+i:RZwzoOt+FWwgYmaI2JUcWzGcm1nxFrE5
Static task: static1
Behavioral task: behavioral1 (sample: Quotation Request for Parts Order.scr; resource: win7-20230831-en)
Behavioral task: behavioral2 (sample: Quotation Request for Parts Order.scr; resource: win10v2004-20230915-en)
Malware Config
Extracted: snakekeylogger
- Telegram Bot API exfiltration URL (bot token and operator chat_id embedded in the sample): https://api.telegram.org/bot6671294732:AAET3tNjnvtkP5V6BBk7bVJCu21NfW6qI20/sendMessage?chat_id=6488147836
Targets
- Target: Quotation Request for Parts Order.scr
- Size: 498KB
- MD5: 2ad7546a23479cc71ad1b00920dff1d8
- SHA1: 9a6178148dbad72d7bcfe77115eef892ffbe81bc
- SHA256: bb8869536a6b51c4676ad0411feac43b2ce06b4e342eed1a03e6927bab7b3662
- SHA512: dc9e3a1da85a01506fb108fe0fb7359cd964af6d869ad6453d393744bb2701bb123f46e3e4cf841af4f71a1f1caff3d371b7c42dacf862317d1d74be086edc1a
- SSDEEP: 6144:dMClk8bGR3wT6MWgbqzjI/anW/uuf7ItbczYQCgp/qkQ9ygRYQKssqfHaWkeX/d6:JJbGyWM3bqI/anW/uuTYwCdsqfHaW2
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles (Outlook account settings stored in the registry are a common source of saved mail credentials)
- Adds Run key to start application (persistence via a CurrentVersion\Run registry value)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (commonly seen in process hollowing, where the main thread of a suspended process is redirected to injected code)
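The extracted Telegram config above and the "Looks up external IP address via web service" behaviour both leave network traces a defender can hunt for. The following Python is an added example, not part of this report or of any sandbox's code: it parses a Telegram Bot API URL of the shape the sample uses into its bot id, token and chat_id, and scans proxy log lines for Telegram bot exfiltration and external-IP lookups. The log lines are constructed, and the set of IP lookup hosts is an assumption (the report does not say which service the sample contacted), so tune it to your environment.

```python
import re
from urllib.parse import parse_qs, urlsplit

# URL extracted from the sample's config, as listed in this report.
CONFIG_URL = (
    "https://api.telegram.org/bot6671294732:AAET3tNjnvtkP5V6BBk7bVJCu21NfW6qI20"
    "/sendMessage?chat_id=6488147836"
)

# Telegram Bot API path shape: /bot<bot_id>:<secret>/<method>
_TELEGRAM_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")

# ASSUMPTION: common external-IP lookup services. The report only says a
# "legitimate IP lookup service" was used and does not name it.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}


def parse_telegram_bot_url(url):
    """Split a Telegram Bot API URL into bot_id, secret, method and chat_id.

    Returns None for anything that is not an api.telegram.org bot call, so
    the caller can use it both as an IOC extractor and as a classifier.
    """
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != "api.telegram.org":
        return None
    m = _TELEGRAM_PATH.match(parts.path)
    if not m:
        return None
    query = parse_qs(parts.query)
    return {
        "bot_id": m.group("bot_id"),
        "secret": m.group("secret"),
        "method": m.group("method"),
        "chat_id": query.get("chat_id", [None])[0],
    }


def classify_url(url):
    """Label a URL as 'telegram_bot_exfil', 'ip_lookup' or None."""
    if parse_telegram_bot_url(url) is not None:
        return "telegram_bot_exfil"
    host = (urlsplit(url).hostname or "").lower()
    if host in IP_LOOKUP_HOSTS:
        return "ip_lookup"
    return None


def hunt(log_lines):
    """Scan proxy log lines ('<time> <src> <method> <url> <status>').

    Returns (line_number, label, url) for each line that matches one of the
    two behaviours; lines with too few fields are skipped rather than raising.
    """
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        label = classify_url(fields[3])
        if label is not None:
            hits.append((n, label, fields[3]))
    return hits


# Constructed proxy log: one benign request, one IP lookup, one Telegram post.
SAMPLE_LOG = [
    "2023-10-06T09:41:12Z 10.0.0.5 GET https://www.microsoft.com/ 200",
    "2023-10-06T09:41:15Z 10.0.0.5 GET http://checkip.dyndns.org/ 200",
    "2023-10-06T09:41:20Z 10.0.0.5 POST " + CONFIG_URL + " 200",
]

if __name__ == "__main__":
    ioc = parse_telegram_bot_url(CONFIG_URL)
    print("bot_id=%s chat_id=%s method=%s" % (ioc["bot_id"], ioc["chat_id"], ioc["method"]))
    for line_no, label, url in hunt(SAMPLE_LOG):
        print(line_no, label, url)
```

The bot id and chat_id are the durable indicators: the operator can rotate a bot token, but the same chat_id reappears across samples that feed the same Telegram channel, and the token itself can be reported to Telegram for revocation. An IP lookup on its own is weak evidence; the sequence of a lookup followed within seconds by a POST to api.telegram.org/bot.../sendMessage from a workstation is the pattern worth alerting on.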