General
Target: 0ff965e6f45e08c7ec843a01d22a6393b5a0be7b30029b7fc70a23d1e1aae6ed
Size: 974KB
Sample: 231023-d5qsasff98
MD5: a32103d0dba5cc68eecba6cf3677c330
SHA1: 857c73d16536fd14b0054709c5f5f4bcc41528a9
SHA256: 0ff965e6f45e08c7ec843a01d22a6393b5a0be7b30029b7fc70a23d1e1aae6ed
SHA512: 11800a816a12af9e9dd851c13c8dfa2bb3d791fdf56b693fdd12927639587dca0560cc611a63439f1d3067c96cefded074d8388575dd6bf47374aa0e16e0106c
SSDEEP: 24576:dgxk1GJMxhkJTYZhxk1GJMx8ckTfBPdxL1yJMMzNu:di8GJMxhkJTYZf8GJMxXkTtr5yJMMw
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: Design.exe; Resource: win7-20231020-en)
Behavioral task: behavioral2 (Sample: Design.exe; Resource: win10v2004-20231020-en)
Behavioral task: behavioral3 (Sample: New product.scr; Resource: win7-20231020-en)
Behavioral task: behavioral4 (Sample: New product.scr; Resource: win10v2004-20231020-en)
Behavioral task: behavioral5 (Sample: PO_202310.exe; Resource: win7-20231020-en)
Behavioral task: behavioral6 (Sample: PO_202310.exe; Resource: win10v2004-20231020-en)
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6243209595:AAGECSmdSqJiVZcdFoBvotoaKcKT9Lz5Gvw/sendMessage?chat_id=1070926352
Targets

Target: Design.bat
Size: 432KB
MD5: b14e49dd5671ae89f3624ad7561731af
SHA1: b2aa05a7ad52059560755fa04439413afe184ca3
SHA256: 0477755f4c245b988aa85d1f9375836a72953d6172a7a82f917bbf9e59dd7294
SHA512: b803330db90b127e178abf83227ddf8f59e00d4929c686f33f6ab9be1806fb15cbca47ff3f058f20fc3d8b0afe2ddefb0b9cdcc502d22a91d2957449774d38ee
SSDEEP: 12288:yD7gUiVHOazGypq9Q/NGbEP2a6JYrOiqot:nHOazTNYEz6c
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

Target: New product.scr
Size: 437KB
MD5: 3e872d74cb692deb202d25859986357d
SHA1: 9ba324ec9ff4f454409f653da5d4d7b694255d6b
SHA256: 701d2231e9b9297450abddc537bfdb90fbb45f679b6da2e1e45b615280bd95c6
SHA512: 90b800106b029cd671216a0566a573975a6ed3bcfd45c255f47b4e8f9766674f01e3548b5f0abce53258ec89885f8bcd04bc9c85a97596152cadcc2b361e86dd
SSDEEP: 12288:AD7gUiVaOazGypq9Q/NGbEPAj6JYrOiqot2:daOazTNYE4j6c
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

Target: PO_202310.pif
Size: 432KB
MD5: 652fc277b44f8481ea0fd8d4a661a1e5
SHA1: 4c2e669b51228ab92a0bcbd55979a234e567da67
SHA256: 77206304b64e1d2f6b0f1dede51784cb8fc6b2dad113676fe065de07a89b8084
SHA512: ba99a2fedff0308b6eb4c087cb67b17b62059ff29e2b511995eb1fec2a826b2433f1105a0d115daac278a91097b90303e2e1cdb3469b477f5b1e2b730b8f9ae4
SSDEEP: 12288:yD7gUiV2OazGypq9Q/NGbEPGLf6JYrOiqo+ip1:n2OazTNYEW6cmip
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext