General

Target: Qqiodttyb.exe
Size: 22KB
Sample: 231011-x4822agf51
MD5: 18ca50ce46f3936a2fc9def3f45b5525
SHA1: 611fc5292204652425f972fa13e77c75e40a95d7
SHA256: 62c1d71fff5293071772735f75960544716be3c3ee5996c6889f3ef3b4e7bcec
SHA512: b9d362a2f862868935b637ee1a3bf27fe67b5302f43c677fae5cb1ceab245851589b87ecb7b041a3d1733a4d3abba41b9259e32be38a4c7099a4e6372ebf791d
SSDEEP: 384:yOwBKtL2M2APL6yRqtxAx+roEOsVK/KO+sB6fea:8fs3RqtGx+roAYP+97
Static task: static1

Behavioral task: behavioral1
Sample: Qqiodttyb.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Qqiodttyb.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted family: snakekeylogger
Exfiltration endpoint (Telegram Bot API sendMessage, with the bot token and chat_id embedded in the URL): https://api.telegram.org/bot6675876060:AAEydIMROdr0XsdBN7fk_mjJRQvyv_ectv4/sendMessage?chat_id=5262627523
Targets

Target: Qqiodttyb.exe
Size: 22KB
MD5: 18ca50ce46f3936a2fc9def3f45b5525
SHA1: 611fc5292204652425f972fa13e77c75e40a95d7
SHA256: 62c1d71fff5293071772735f75960544716be3c3ee5996c6889f3ef3b4e7bcec
SHA512: b9d362a2f862868935b637ee1a3bf27fe67b5302f43c677fae5cb1ceab245851589b87ecb7b041a3d1733a4d3abba41b9259e32be38a4c7099a4e6372ebf791d
SSDEEP: 384:yOwBKtL2M2APL6yRqtxAx+roEOsVK/KO+sB6fea:8fs3RqtGx+roAYP+97

Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles (credential harvesting from stored mail profiles)
- Adds Run key to start application (registry Run-key persistence)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP; the report does not name the service used.
- Suspicious use of SetThreadContext (an API commonly used for thread-context hijacking and process hollowing; the report records the call, not the injected payload)
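The extracted Telegram endpoint and the network-side signatures (external IP lookup followed by exfiltration to the Bot API) are the parts of this report a defender can hunt for in proxy or DNS logs. The following Python is an added example and is not part of the sandbox report or of the Snake Keylogger sample: it parses a Telegram Bot API URL into IOC fields (bot id, token, method, chat_id) and runs that check over constructed proxy-log lines, flagging any client that both queries an IP-lookup service and talks to a Telegram bot. The log format, the list of IP-lookup hosts and the correlation rule are assumptions; the report does not name which lookup service the sample used.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint exactly as reported in the extracted config above.
EXTRACTED_C2 = ("https://api.telegram.org/bot6675876060:AAEydIMROdr0XsdBN7fk_mjJRQvyv_ectv4"
                "/sendMessage?chat_id=5262627523")

# Telegram Bot API paths have the shape /bot<numeric id>:<secret>/<method>.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>\w+)$")

# Assumption: commonly abused "what is my IP" services; the report does not say which one was used.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com", "icanhazip.com"}


def parse_telegram_c2(url):
    """Return IOC fields for a Telegram Bot API URL, or None if the URL is not one."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(parts.path)
    if not m:
        return None
    query = parse_qs(parts.query)
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",   # the full bot token, usable to revoke/report the bot
        "method": m["method"],
        "chat_id": query.get("chat_id", [None])[0],
    }


# Constructed proxy log (not from the report): "timestamp client method url status" per line.
SAMPLE_PROXY_LOG = """\
2023-10-11T12:00:01Z 10.0.0.15 GET http://checkip.dyndns.org/ 200
2023-10-11T12:00:03Z 10.0.0.15 POST https://api.telegram.org/bot6675876060:AAEydIMROdr0XsdBN7fk_mjJRQvyv_ectv4/sendMessage?chat_id=5262627523 200
2023-10-11T12:00:05Z 10.0.0.22 GET https://www.microsoft.com/ 200
2023-10-11T12:01:10Z 10.0.0.15 GET https://api.telegram.org/bot6675876060:AAEydIMROdr0XsdBN7fk_mjJRQvyv_ectv4/getMe 200
"""


def scan_proxy_log(text):
    """Emit one hit per log line that matches either detection rule."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than crash the scan
        ts, client, _method, url = fields[:4]
        ioc = parse_telegram_c2(url)
        if ioc:
            hits.append({"ts": ts, "client": client, "rule": "telegram_bot_api", **ioc})
            continue
        host = urlsplit(url).hostname
        if host in IP_LOOKUP_HOSTS:
            hits.append({"ts": ts, "client": client, "rule": "external_ip_lookup", "host": host})
    return hits


def correlate(hits):
    """Clients showing both behaviours from the report: IP lookup plus Telegram bot traffic."""
    rules_by_client = {}
    for h in hits:
        rules_by_client.setdefault(h["client"], set()).add(h["rule"])
    wanted = {"telegram_bot_api", "external_ip_lookup"}
    return sorted(c for c, rules in rules_by_client.items() if wanted <= rules)


if __name__ == "__main__":
    print(parse_telegram_c2(EXTRACTED_C2))
    found = scan_proxy_log(SAMPLE_PROXY_LOG)
    for hit in found:
        print(hit)
    print("clients matching both rules:", correlate(found))
```

A Telegram bot token is a revocable secret: reporting the token extracted from the config to Telegram, or blocking api.telegram.org bot paths at the egress proxy for hosts that have no business automating Telegram, cuts off this exfiltration channel regardless of which dropper delivers the keylogger.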