General
-
Target
8b62f9dade3ae9d89c385c9f1ee2cba4fc3b0b9bae19e058133bce6f2e4a6df5_JC.exe
-
Size
757KB
-
Sample
231011-rdtxjadg42
-
MD5
5cf6c45026f270a5749bbcbd46a0a2ef
-
SHA1
cf1e937bf137b833280087b7d2d7fe4f9af13314
-
SHA256
8b62f9dade3ae9d89c385c9f1ee2cba4fc3b0b9bae19e058133bce6f2e4a6df5
-
SHA512
c33ed9dd8e51f5d1b16eb3b04ba37d3e014859608bb770eaec83fc94d979106455b9e11741bba5f40bfdb248a47300da878438ab1cbef19b15f94a81bf25ef0c
-
SSDEEP
12288:wU3VTFFT2rWGxEykWNj/VDBQXMj4Yq4z6SL2DltPB/bNNcx0HgRqf9Jic0251JdS:fArxcCQu4Yq/S9
Static task
static1
Behavioral task
behavioral1
Sample
8b62f9dade3ae9d89c385c9f1ee2cba4fc3b0b9bae19e058133bce6f2e4a6df5_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
8b62f9dade3ae9d89c385c9f1ee2cba4fc3b0b9bae19e058133bce6f2e4a6df5_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6475845807:AAGECr5FXzQHiMYtJd3FBZgHQBCE3bsESJo/sendMessage?chat_id=2095430248
Targets
-
-
Target
8b62f9dade3ae9d89c385c9f1ee2cba4fc3b0b9bae19e058133bce6f2e4a6df5_JC.exe
-
Size
757KB
-
MD5
5cf6c45026f270a5749bbcbd46a0a2ef
-
SHA1
cf1e937bf137b833280087b7d2d7fe4f9af13314
-
SHA256
8b62f9dade3ae9d89c385c9f1ee2cba4fc3b0b9bae19e058133bce6f2e4a6df5
-
SHA512
c33ed9dd8e51f5d1b16eb3b04ba37d3e014859608bb770eaec83fc94d979106455b9e11741bba5f40bfdb248a47300da878438ab1cbef19b15f94a81bf25ef0c
-
SSDEEP
12288:wU3VTFFT2rWGxEykWNj/VDBQXMj4Yq4z6SL2DltPB/bNNcx0HgRqf9Jic0251JdS:fArxcCQu4Yq/S9
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-