General
Target: Swift.txt.exe
Size: 532KB
Sample: 231017-gzw9nsbd77
MD5: 12bbcd47078601a66f15749bca45573a
SHA1: ea72daecddca36a8acff3c0a8c059e76dde79aff
SHA256: c41b3639173707dfe1b070b92c1b3ed4ed451be6595fa150b930a7dfc4efd2af
SHA512: 986c1087b8f2d0851389911b6b8c08f6453b602fc633bf3cdfc484a4cb2513af63dd8cac059ff3c15601c4855a7cb5544f991a76c6802653fa3863e9ad086a1a
SSDEEP: 12288:nBLXmsrJM1lmxJm83L6XD4JZyGdDtlUWZJs8UcGf:BLWiMAb3ubGLljnl/Gf
Static task
static1

Behavioral task
behavioral1
Sample: Swift.txt.exe
Resource: win7-20230831-en

Behavioral task
behavioral2
Sample: Swift.txt.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: snakekeylogger
Exfiltration endpoint (Telegram Bot API): https://api.telegram.org/bot6675795591:AAHOLjdFZlj5nOPVfUfGykzyEUFz4fRG_10/sendMessage?chat_id=6131056872
Targets
Target: Swift.txt.exe (size and hashes as listed under General above)
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext