General

Target: NEAS.NEASNEASccb646b55a9ab2a9080d1160e44a5e9d54d069ec1b4ac8ea2349a45a0d85799czrarrar_JC.rar
Size: 497KB
Sample: 231018-xgymsahg8x
MD5: fa8f1b36a9950443804a6892d22f9307
SHA1: f389ac8c518f842fe251e9b78008ad5c58664090
SHA256: ccb646b55a9ab2a9080d1160e44a5e9d54d069ec1b4ac8ea2349a45a0d85799c
SHA512: 4c637beff74b33b856abac983ffaa03709d1ef4893010a6512cb245415f9de43fde8f837d01cfc7431234b171e5a79d9175ac3a869b5799260d59fa0e9a10502
SSDEEP: 12288:gfPJush4A0ZiQGdzEBSwvkXrLo6k3zlLCfV0u:goEQ8okvAlWfV0u
Static task: static1

Behavioral task: behavioral1
Sample: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted
Family: snakekeylogger
C2: https://api.telegram.org/bot6675795591:AAHOLjdFZlj5nOPVfUfGykzyEUFz4fRG_10/sendMessage?chat_id=6131056872

The extracted C2 is a Telegram Bot API endpoint: the path embeds the bot token (bot<bot_id>:<secret>) and the query string names the chat that receives the stolen data, so the sample exfiltrates via sendMessage rather than via a dedicated server. Both the numeric bot ID (6675795591) and the chat ID (6131056872) are usable as network IOCs.
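The following is an added example, not part of the sandbox report: it turns the extracted Telegram C2 above into structured IOCs and then hunts for Telegram Bot API exfiltration in web-proxy logs. The proxy log lines, the log format (timestamp, source IP, verb, URL, status), the IP-lookup hostname and the second bot token are all constructed for illustration; only the C2 URL comes from the report.

```python
"""IOC extraction and proxy-log hunting for Snake Keylogger Telegram exfiltration.
Added example for the sandbox report; log lines below are constructed, not captured."""
import re
from urllib.parse import parse_qs, urlsplit

# C2 URL exactly as extracted by the sandbox from the sample's configuration.
C2_URL = ("https://api.telegram.org/bot6675795591:AAHOLjdFZlj5nOPVfUfGykzyEUFz4fRG_10"
          "/sendMessage?chat_id=6131056872")

# Telegram Bot API path layout: /bot<numeric bot id>:<secret>/<method>
_BOT_PATH = re.compile(r"^/bot(?P<bot_id>\d+):(?P<token>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$")

# Constructed proxy log (hypothetical hosts and a clearly fake second token).
# Format: <timestamp> <src_ip> <verb> <url> <status>
PROXY_LOG = """\
2023-10-18T09:41:02Z 10.0.4.17 GET https://www.microsoft.com/en-us/ 200
2023-10-18T09:41:05Z 10.0.4.17 GET http://ip-lookup.example/ 200
2023-10-18T09:41:07Z 10.0.4.17 POST https://api.telegram.org/bot6675795591:AAHOLjdFZlj5nOPVfUfGykzyEUFz4fRG_10/sendMessage?chat_id=6131056872 200
2023-10-18T09:52:30Z 10.0.4.22 GET https://api.telegram.org/ 200
2023-10-18T10:03:11Z 10.0.4.31 POST https://api.telegram.org/bot1234567890:AAFakeTokenForIllustration/sendDocument 200
"""


def parse_telegram_c2(url):
    """Return bot_id, token, method and chat_id for a Telegram Bot API URL, else None.

    A bare visit to api.telegram.org (no /bot<id>:<token>/ path) is not a hit.
    """
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {"bot_id": m["bot_id"], "token": m["token"],
            "method": m["method"], "chat_id": chat_id}


def hunt_telegram_exfil(log_text, known_bot_id=None):
    """Flag every proxy log line that calls the Telegram Bot API with a token in the path.

    known_c2 is True when the bot id matches the one from the extracted config; the
    numeric bot id is the more durable IOC because it survives a token rotation.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line; skip rather than crash the hunt
        ts, src, verb, url, status = fields
        ioc = parse_telegram_c2(url)
        if ioc is None:
            continue
        hits.append({"ts": ts, "src": src, "verb": verb, "bot_id": ioc["bot_id"],
                     "method": ioc["method"], "known_c2": ioc["bot_id"] == known_bot_id})
    return hits


# Decoy-document extension immediately followed by an executable extension (e.g. x.pdf.exe).
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def is_disguised_executable(filename):
    """True when a filename uses the double-extension lure seen on the dropped sample."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    return parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS


if __name__ == "__main__":
    ioc = parse_telegram_c2(C2_URL)
    print("bot_id=%s chat_id=%s method=%s" % (ioc["bot_id"], ioc["chat_id"], ioc["method"]))
    for hit in hunt_telegram_exfil(PROXY_LOG, known_bot_id=ioc["bot_id"]):
        print(hit)
    print(is_disguised_executable("08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe"))
```

Matching on the bot ID rather than the full URL catches the same operator even after the secret half of the token changes, and matching on any /bot<id>:<token>/ path from a workstation surfaces other Telegram-based stealers that the extracted config does not cover.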
Targets

Target: 08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe
(Note the ".pdf.exe" double extension: the dropped payload is an executable named to pass as a PDF when extensions are hidden.)
Size: 532KB
MD5: 12bbcd47078601a66f15749bca45573a
SHA1: ea72daecddca36a8acff3c0a8c059e76dde79aff
SHA256: c41b3639173707dfe1b070b92c1b3ed4ed451be6595fa150b930a7dfc4efd2af
SHA512: 986c1087b8f2d0851389911b6b8c08f6453b602fc633bf3cdfc484a4cb2513af63dd8cac059ff3c15601c4855a7cb5544f991a76c6802653fa3863e9ad086a1a
SSDEEP: 12288:nBLXmsrJM1lmxJm83L6XD4JZyGdDtlUWZJs8UcGf:BLWiMAb3ubGLljnl/Gf
Score: 10/10

Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites the register state of an existing thread; in a user-mode sample it is characteristic of process hollowing or other code injection into a second process.