General
Target: NEAS.NEASNEASdddff6842dea7df6bf5a2b9d1eec7b6a800cc13d829e1146a795c64cdafe3661rarrarrar_JC.rar
Size: 497KB
Sample: 231018-xl8njsbc75
MD5: 1c303457fdadd02d4847cbb1278725f6
SHA1: 7bd20b953420b1a1942a287b0540c024b003ce66
SHA256: dddff6842dea7df6bf5a2b9d1eec7b6a800cc13d829e1146a795c64cdafe3661
SHA512: b43dfaa1e2ecf98d60bf4fbd2cffdb5bf2cc019d5ab1892e7d013dbb6cb40172399c94fa9a5b893ffed573be4a954d606207c9c42164a128dd05234211b2a063
SSDEEP: 12288:tfPJush4A0ZiQGdzEBSwvkXrLo6k3zlLCfV0o:toEQ8okvAlWfV0o
Static task: static1
Behavioral task: behavioral1
    Sample: Swift.txt.exe
    Resource: win7-20230831-en
Behavioral task: behavioral2
    Sample: Swift.txt.exe
    Resource: win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6675795591:AAHOLjdFZlj5nOPVfUfGykzyEUFz4fRG_10/sendMessage?chat_id=6131056872
Targets
Target: Swift.txt.exe
Size: 532KB
MD5: 12bbcd47078601a66f15749bca45573a
SHA1: ea72daecddca36a8acff3c0a8c059e76dde79aff
SHA256: c41b3639173707dfe1b070b92c1b3ed4ed451be6595fa150b930a7dfc4efd2af
SHA512: 986c1087b8f2d0851389911b6b8c08f6453b602fc633bf3cdfc484a4cb2513af63dd8cac059ff3c15601c4855a7cb5544f991a76c6802653fa3863e9ad086a1a
SSDEEP: 12288:nBLXmsrJM1lmxJm83L6XD4JZyGdDtlUWZJs8UcGf:BLWiMAb3ubGLljnl/Gf
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext