General
Target: NEAS.NEAS9a2f9a2670f1a81d9e637218669c6db6a29ea962ce2cb2a81468c45aa5b40b40exeexe_JC.exe
Size: 949KB
Sample: 231021-w7v4xaac86
MD5: 9869b521f18fc52aa2ee00593f41065c
SHA1: aaad09ec83aa11081f2f81df2eecf0303a049a93
SHA256: 9a2f9a2670f1a81d9e637218669c6db6a29ea962ce2cb2a81468c45aa5b40b40
SHA512: 0140fa3cbbc1ad4e12d88fa9dc58dc4cb4b9d7d7b29be63372a937ddd2d36fc7f5342742c0ea6bede85d04fef1b56fc14b7da1b94878aa8b224698a75e65216a
SSDEEP: 12288:IyQaMFM0Mvxv9ZtOZvkrM7aMhOt3a7kbVRpzRcv9sXfNKtHkvJlq:Iyjv9EZOSTOdVRptclmfNKhkvG
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.NEAS9a2f9a2670f1a81d9e637218669c6db6a29ea962ce2cb2a81468c45aa5b40b40exeexe_JC.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.NEAS9a2f9a2670f1a81d9e637218669c6db6a29ea962ce2cb2a81468c45aa5b40b40exeexe_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6564714997:AAEB5Qyq9hSihv7iw6Fa5RV1VfNvFH6t4oU/sendMessage?chat_id=5328986207
Targets
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext