General
Target: kajjjestipc.exe
Size: 249KB
Sample: 231006-wppjeaha35
MD5: f5c77a19f261493f31332bd2d0f8975e
SHA1: 3cbbf9855b287b1a8edd1c1c14488e30668a2361
SHA256: 43cb9f83a18f652860eab66b131d1f8a1545c44594fa81f301efa3b44a6b6148
SHA512: d642fbacaa4eae67d504984558a3d188d9bb7a13c9b887dfd57fd5803954ded9c1346ecf6c89346d165d57d2f6e55ce534284647a9ee0c0ac75e21b5420d89b3
SSDEEP: 6144:aRPxunMnRQYxJLLbZUZLR2n4Ns4yFK2FDmP:aRP7RQYxJzZoG4yFK2FDC
Static task: static1
Behavioral task: behavioral1
  Sample: kajjjestipc.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: kajjjestipc.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6609185892:AAFCGJ09V_hFm8GrfbIGpn7NZAMuK8VaOXs/sendMessage?chat_id=5262627523
Targets
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext