General
-
Target
06cb67b0451ff35c5387fcfd070a949a980c0b12735abe51cef0c869840b43b5
-
Size
553KB
-
Sample
231023-qre5vsgh6v
-
MD5
e333a62a712718216c64e23fbd0b61ac
-
SHA1
d590a8a5b1441d4d1f924d19b61286ff3d6a7ba7
-
SHA256
06cb67b0451ff35c5387fcfd070a949a980c0b12735abe51cef0c869840b43b5
-
SHA512
8a7c672595b50c6166b97febb79d3374766353f6aa6e8a7cbb64d1f564ee15d46a16dcc3e0153c509cb4153c65257157466066895bc25740dc7d13aaa1e6ea53
-
SSDEEP
12288:pn3WUDJhkcRp6ToIOhMJ3kznYhHJEK5jTy3C39zZ:pnGUDrooIOho02HJEUjTy+T
Static task
static1
Behavioral task
behavioral1
Sample
PDA REPORT.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
PDA REPORT.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6454266704:AAGc7MbDFOw3VJ52r1hPLsjSZvjH8GUmylk/sendMessage?chat_id=1467583453
Targets
-
-
Target
PDA REPORT.exe
-
Size
631KB
-
MD5
51ffbe020abe8aafe935c763b8a59925
-
SHA1
33d35ac918b348c7ee2358ffe3b2acc6e25182fe
-
SHA256
7b15eee7380219a4af5a9a5d2380c566c4b54b65d8f548885ad50f502acbd3a5
-
SHA512
965755fb0b1df5033ce1e8aaf06f982b23d91830daa98febfcf99f6597730ac95a47b6e12f91435944a77b441fd47decce02b10f5d7f9083916fa39b023d42c8
-
SSDEEP
12288:OPhNh6sxTA6qNhGpZSUTXUJ2HI8OPvultmzTc1FxnPzcb1hGrqaX8BXKDaxHh:OPDDxs6gUpA2HI3vultwc1FxY+ZXi
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-