General
-
Target
NEAS.16f9ece070a18550dedbb5e3bb6f256d79e9853b2d3e049dba379cba0ea4b738exe_JC.exe
-
Size
366KB
-
Sample
231023-twrk8sac6v
-
MD5
3c1ade1441ef11aed8496b742eab197b
-
SHA1
06ebde82c367791c03196888fb2fcc7721296564
-
SHA256
16f9ece070a18550dedbb5e3bb6f256d79e9853b2d3e049dba379cba0ea4b738
-
SHA512
79f35c1f552040fd3f5273aa288bbcc86662a325dc9fd5c1817d127568a5edd3337c9b124583c3e09d07c446dcdc2b6b515227ec0d987b6b8444f342046715a6
-
SSDEEP
6144:L0nJBIKD2SJMz2dR8rZNlvzGSTo5xBB9VVh8YZWUBwDPlj3y4QTdk6ceh9X3P92D:sJfD2S+nRqx39Xh88VBIlzy4Qpk6ceXx
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.16f9ece070a18550dedbb5e3bb6f256d79e9853b2d3e049dba379cba0ea4b738exe_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.16f9ece070a18550dedbb5e3bb6f256d79e9853b2d3e049dba379cba0ea4b738exe_JC.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6243209595:AAGECSmdSqJiVZcdFoBvotoaKcKT9Lz5Gvw/sendMessage?chat_id=1070926352
Targets
-
-
Target
NEAS.16f9ece070a18550dedbb5e3bb6f256d79e9853b2d3e049dba379cba0ea4b738exe_JC.exe
-
Size
366KB
-
MD5
3c1ade1441ef11aed8496b742eab197b
-
SHA1
06ebde82c367791c03196888fb2fcc7721296564
-
SHA256
16f9ece070a18550dedbb5e3bb6f256d79e9853b2d3e049dba379cba0ea4b738
-
SHA512
79f35c1f552040fd3f5273aa288bbcc86662a325dc9fd5c1817d127568a5edd3337c9b124583c3e09d07c446dcdc2b6b515227ec0d987b6b8444f342046715a6
-
SSDEEP
6144:L0nJBIKD2SJMz2dR8rZNlvzGSTo5xBB9VVh8YZWUBwDPlj3y4QTdk6ceh9X3P92D:sJfD2S+nRqx39Xh88VBIlzy4Qpk6ceXx
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-