General
Target: e9ce85db6dc343245a12b0ac30190c5e9944a42e865aa3f5ea3b41a5d65c8137
Size: 653KB
Sample: 231011-pw7j8sgc3y
MD5: 8886d4ef360496237804368da14206d8
SHA1: ac105a8b1de08c345e9bcf5bb8ad2eb039be3687
SHA256: e9ce85db6dc343245a12b0ac30190c5e9944a42e865aa3f5ea3b41a5d65c8137
SHA512: 9d141417cd94b4c0cc52234bfa11e64f3d00d7a0c545475df5aa2716e3a47d89c9557c6995da4a9dffe0128da306c38d6ad1bd903a0e9f909e87b9c0a964ff85
SSDEEP: 12288:BbC41SuDBrwPgyLVzOx3M19uO3raWhv51D+lbOx4g8LUUoR1zxSodrYl1+YF71:BbVYuJwrVqKGO31hv516lOmLJoR1zgoW
Static task: static1
Behavioral task: behavioral1
Sample: AW87438991 Shipping Document of goods.bat
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: AW87438991 Shipping Document of goods.bat
Resource: win10v2004-20230915-en
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot6553808600:AAEctl9z_ViEe1VbBXIi3Q8EzcyyXMP9F5g/sendMessage?chat_id=5086753017
Targets
Target: AW87438991 Shipping Document of goods.bat
Size: 865KB
MD5: 722f1c5eef20be0cc0c13609a32fbcf0
SHA1: 95ea04e0671acf23dfb0a8937feedb193d8c1db9
SHA256: c6cd9239769abc6280231e68ea19720889e64068fb5a347629755be0c6e735ae
SHA512: 76545545417f959ad191e1d55194354d4e941008943062d6b48c42c6b2cbfd7669b747601423e6f6a0a59ad45959f569c8b8c7a3115404567b8bfcc402d4dafe
SSDEEP: 24576:TmsLDIDisDkpyOiisSniF83PQmM4pPx8fkr:asiXDklDQ83PVRRr
Score: 10/10
Signatures:
Snake Keylogger payload
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.