General

Target: Ucaai.exe
Size: 590KB
Sample: 231010-kp9zkaec76
MD5: a3128c8b67fd08ae19dd966bef878cb4
SHA1: 8e636f183d7185b23f9894bad847d1ada4561252
SHA256: afea8e29447ebe85480428e2ad947457d515968694dcb5d721886ad1d5945459
SHA512: caf3e8071c53c0838514110658a36deff6f90a205b941010537a95f8650181a16ca9c1776e2593bce52cea440fa7348937ff928e28b8553bb0f00201403a8fc5
SSDEEP: 12288:4ES8ryazt80P6Etvu/2oALepFUAPU5bJb+a2HbTFDBWELTpKHf:4UJnLepFUAPU59bObTNL/YHf
Static task: static1

Behavioral task: behavioral1
Sample: Ucaai.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Ucaai.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted family: snakekeylogger
Extracted exfiltration endpoint (Telegram Bot API, sendMessage): https://api.telegram.org/bot6356895858:AAHmcm_akjP0cvCFDNWqZ-6D8aFLszf0BKU/sendMessage?chat_id=5262627523

The host api.telegram.org is shared with legitimate Telegram use, so it is a weak indicator on its own; the bot token (the "6356895858:AAHm..." part of the path) and the chat_id are the values specific to this operator and are what should go into blocklists and hunting queries.
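The following is an added example, not part of the sandbox report or of any tooling that produced it. It takes the Telegram URL extracted above, splits it into the fields worth tracking as IOCs (bot id, full bot token, API method, chat_id), defangs it for sharing, and runs a token-based matcher over proxy log lines. The log lines are constructed for the example in the shape a TLS-inspecting proxy would log (full URL visible); the IP addresses in them are documentation ranges, not real Telegram infrastructure.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The exfiltration URL extracted from the sample, verbatim from the report.
EXTRACTED_C2 = ("https://api.telegram.org/bot6356895858:"
                "AAHmcm_akjP0cvCFDNWqZ-6D8aFLszf0BKU/sendMessage?chat_id=5262627523")

# Telegram Bot API path layout is /bot<bot_id>:<secret>/<method>; the whole
# "<bot_id>:<secret>" string is the bot token.
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_c2(url):
    """Return the IOC-worthy fields of a Telegram Bot API URL, or None if the
    URL is not a bot endpoint on api.telegram.org."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_ids = parse_qs(parts.query).get("chat_id", [])
    return {
        "bot_id": m.group("bot_id"),
        "bot_token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": chat_ids[0] if chat_ids else None,
    }


def defang(url):
    """Defang scheme and host so the IOC can be pasted into a report safely."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{host}{parts.path}{query}"


def find_exfil(log_lines, bot_token):
    """Return (line_no, url) for log lines carrying a request that uses the
    given bot token. Matching on the token, not on api.telegram.org, keeps
    legitimate Telegram traffic out of the result."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for url in re.findall(r"https?://\S+", line):
            info = parse_telegram_c2(url)
            if info and info["bot_token"] == bot_token:
                hits.append((lineno, url))
    return hits


# Constructed proxy log lines (TLS-inspecting proxy, full URL logged). Line 1
# is a hit for the extracted token, line 2 is a different bot, line 3 is not
# Telegram at all.
SAMPLE_PROXY_LOG = [
    "1696941000.123 10.0.0.12 TCP_TUNNEL/200 1321 GET " + EXTRACTED_C2
    + " - HIER_DIRECT/198.51.100.20 text/html",
    "1696941001.456 10.0.0.15 TCP_TUNNEL/200 980 GET "
    "https://api.telegram.org/bot1234567890:AAAAbbbbCCCCddddEEEEffffGGGGhhhhIII/getUpdates"
    " - HIER_DIRECT/198.51.100.20 application/json",
    "1696941002.789 10.0.0.12 TCP_MISS/200 512 GET https://checkip.example/"
    " - HIER_DIRECT/203.0.113.9 text/plain",
]

if __name__ == "__main__":
    ioc = parse_telegram_c2(EXTRACTED_C2)
    print("bot token:", ioc["bot_token"], "chat_id:", ioc["chat_id"])
    print("defanged :", defang(EXTRACTED_C2))
    for lineno, url in find_exfil(SAMPLE_PROXY_LOG, ioc["bot_token"]):
        print(f"line {lineno}: exfil request to {defang(url)}")
```

Matching on the full bot token rather than on the hostname is deliberate: the token is what ties a request to this operator, while api.telegram.org alone will match every Telegram bot on the network.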
Targets

Target: Ucaai.exe (590KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures

- Snake Keylogger payload
- Accesses Microsoft Outlook profiles: Outlook keeps account settings, including saved credentials, under its profile registry keys, and reading them is the credential-theft behaviour this signature tracks.
- Adds Run key to start application: logon persistence via a Run key; on a suspect host check both HKCU and HKLM ...\Microsoft\Windows\CurrentVersion\Run for an entry that points at the dropped binary, and hash that binary against the SHA256 above.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The destination is not itself malicious, so the indicator is the request coming from this process, not the host being contacted.
- Suspicious use of SetThreadContext: redirecting a thread's context is a common step in process hollowing and other injection, so correlate it with a suspended child process and memory writes in the same run before treating the child as clean.
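The following is an added example, not part of the sandbox report, showing how the behavioural signatures above map onto host telemetry. It evaluates constructed records in the shape of Sysmon Event ID 13 (RegistryEvent SetValue) and Event ID 22 (DNSEvent); the file paths, SID and IP-lookup domain list are assumptions for the example, not details the report provides. Registry reads (the Outlook profile access) and SetThreadContext calls are not visible to Sysmon, which is why only the persistence and IP-lookup behaviours are checked here.

```python
import re

# Run / RunOnce under either hive and any SID prefix; the value name is the
# last path component.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE)

# Assumed list of public IP-echo services; the report does not name the one
# the sample used. Extend from your own DNS telemetry.
IP_LOOKUP_DOMAINS = {"checkip.dyndns.org", "api.ipify.org", "ifconfig.me", "icanhazip.com"}

# Constructed records (Sysmon Event ID 13 = registry SetValue, 22 = DNS query),
# reduced to the fields the logic needs. Paths and SID are assumptions.
SAMPLE_EVENTS = [
    {"id": 13, "image": r"C:\Users\victim\AppData\Roaming\Ucaai.exe",
     "target": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
               r"\Software\Microsoft\Windows\CurrentVersion\Run\Ucaai",
     "details": r"C:\Users\victim\AppData\Roaming\Ucaai.exe"},
    {"id": 22, "image": r"C:\Users\victim\AppData\Roaming\Ucaai.exe",
     "query": "checkip.dyndns.org"},
    {"id": 22, "image": r"C:\Windows\System32\svchost.exe",
     "query": "www.microsoft.com"},
    {"id": 13, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example\DisplayName",
     "details": "Example 1.0"},
]

RUN_KEY_LABEL = "Adds Run key to start application"
IP_LOOKUP_LABEL = "Looks up external IP address via web service"


def triage(events):
    """Map events onto the report's behaviour labels. Returns a dict of
    label -> list of {"image", "evidence"}; an empty dict means nothing matched."""
    findings = {}
    for ev in events:
        if ev["id"] == 13 and RUN_KEY_RE.search(ev["target"]):
            findings.setdefault(RUN_KEY_LABEL, []).append(
                {"image": ev["image"], "evidence": f'{ev["target"]} = {ev["details"]}'})
        elif ev["id"] == 22 and ev["query"].lower() in IP_LOOKUP_DOMAINS:
            findings.setdefault(IP_LOOKUP_LABEL, []).append(
                {"image": ev["image"], "evidence": ev["query"]})
    return findings


def autostart_commands(events):
    """The values written into Run keys, i.e. what will execute at next logon.
    These are the binaries to collect and hash against the report's SHA256."""
    commands = set()
    for ev in events:
        if ev["id"] == 13 and RUN_KEY_RE.search(ev["target"]):
            commands.add(ev["details"].strip('"'))
    return sorted(commands)


if __name__ == "__main__":
    for label, hits in triage(SAMPLE_EVENTS).items():
        print(label)
        for hit in hits:
            print(f"  {hit['image']} -> {hit['evidence']}")
    print("collect and hash:", autostart_commands(SAMPLE_EVENTS))
```

The Run-key check anchors on the tail of the key path so it works for HKCU, HKLM and HKU\<SID> alike; the IP-lookup check is only as good as the domain set, so keep it fed from real DNS logs rather than treating the assumed list as complete.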