General
-
Target
NEAS.NEASf0caaaebe92baa4bc450b54344dfbd8c9f6c4ee2057a6d289b2c347b8b7ae912exeexe_JC.exe
-
Size
344KB
-
Sample
231017-wz1dnafc9w
-
MD5
3e133f661b74e398c2906931e0e4156c
-
SHA1
6d98c3664f8a0e4bda116511579896ebc42f3aff
-
SHA256
f0caaaebe92baa4bc450b54344dfbd8c9f6c4ee2057a6d289b2c347b8b7ae912
-
SHA512
a65358735c27f12844e82af76ec4eb0d11372c9f5a2007321bd53c30f554461075b5cdfc376bfb1dac7c91ab20e5d6f011448a9c4b5b79bfa0f4b280d377e1f2
-
SSDEEP
6144:Bv8hza/coPxII4AdFvkk1VTQ0upQnxk+uuL:NkG/coZIUyW
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.NEASf0caaaebe92baa4bc450b54344dfbd8c9f6c4ee2057a6d289b2c347b8b7ae912exeexe_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.NEASf0caaaebe92baa4bc450b54344dfbd8c9f6c4ee2057a6d289b2c347b8b7ae912exeexe_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6380706838:AAHeNJQXD2oljrKM46U8G-Zyq3GHA5SyN3c/sendMessage?chat_id=5262627523
Targets
-
-
Target
NEAS.NEASf0caaaebe92baa4bc450b54344dfbd8c9f6c4ee2057a6d289b2c347b8b7ae912exeexe_JC.exe
-
Size
344KB
-
MD5
3e133f661b74e398c2906931e0e4156c
-
SHA1
6d98c3664f8a0e4bda116511579896ebc42f3aff
-
SHA256
f0caaaebe92baa4bc450b54344dfbd8c9f6c4ee2057a6d289b2c347b8b7ae912
-
SHA512
a65358735c27f12844e82af76ec4eb0d11372c9f5a2007321bd53c30f554461075b5cdfc376bfb1dac7c91ab20e5d6f011448a9c4b5b79bfa0f4b280d377e1f2
-
SSDEEP
6144:Bv8hza/coPxII4AdFvkk1VTQ0upQnxk+uuL:NkG/coZIUyW
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-