General
-
Target
04cb26da2d9222bf9204ad1f2307310c.bin
-
Size
481KB
-
Sample
231013-bctmdaae57
-
MD5
61c728c25b4e5b8a063835e3e9f75a2f
-
SHA1
40ecfcb0772f644ddb68e519a0cceb91af9b3f14
-
SHA256
13d3f276a58ec7259ce36fc73497417dc35deae08c16eee00b642d0d59b11593
-
SHA512
89d94ecddbac60b863ed180a47c043f66542000e591ac06a939d6810ca961dfb826e37d06b6c456cf20f534497c085c739e9410727d1756699b184c00fe74dfe
-
SSDEEP
12288:+CM0q0qmCOarovcJLdtHPGo8+vV5kPxBuyP4jwFA:+C12m7aNVel+vrkjUwFA
Static task
static1
Behavioral task
behavioral1
Sample
bce910742ec10a1cdffe6c194b65c2a66980dff76b5fdc56c46a6d9a9f41d48a.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
bce910742ec10a1cdffe6c194b65c2a66980dff76b5fdc56c46a6d9a9f41d48a.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6076917727:AAGbsf1c44EC0CR26JUQPsvvVqX6Ki5kb9k/sendMessage?chat_id=6282564049
Targets
-
-
Target
bce910742ec10a1cdffe6c194b65c2a66980dff76b5fdc56c46a6d9a9f41d48a.exe
-
Size
679KB
-
MD5
04cb26da2d9222bf9204ad1f2307310c
-
SHA1
e80af5a2284c9cc5ec51315b8b95a5aecf62b449
-
SHA256
bce910742ec10a1cdffe6c194b65c2a66980dff76b5fdc56c46a6d9a9f41d48a
-
SHA512
528c78b8e02ecf36c85c4d0c023d57302efa6206d7e5caefb60c764fe648984faaaa434906e9014b54b5fa5a28169a8b6fc0da4a11c7e1529086017f6965b8e6
-
SSDEEP
12288:Kj40L5klf7Lr0QnQ3Ei9PyMHpEIKUFO2xgOZK7YDeCNAmC:KTLKjLr0QnQ1MoECksCCNAmC
Score10/10-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-