General
-
Target
NEAS.e51cde73b2f4b0b897843235d5db557cbdcd41f3e5b4c2a4c31886b95e5301d4exe_JC.exe
-
Size
530KB
-
Sample
231023-xjsjjsch91
-
MD5
d5cf794b8931228454a9218eba67c8c6
-
SHA1
c58237c6e67e028bccaac59d4fb6791bf8ed646f
-
SHA256
e51cde73b2f4b0b897843235d5db557cbdcd41f3e5b4c2a4c31886b95e5301d4
-
SHA512
c876b50f51c473755275fbf2972f4748ba9192ff6d07bd099bf0c2766678e75a7c8e921d878e2601acd2b67cd4885bc30b7298d8896a78a595364f0eef7ff483
-
SSDEEP
12288:ob7s9TQ9WseH/0px4aPQqyYxe8Bxm78xlaGgci:c7s90EHu7t3xPiWyT
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.e51cde73b2f4b0b897843235d5db557cbdcd41f3e5b4c2a4c31886b95e5301d4exe_JC.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.e51cde73b2f4b0b897843235d5db557cbdcd41f3e5b4c2a4c31886b95e5301d4exe_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6454266704:AAGc7MbDFOw3VJ52r1hPLsjSZvjH8GUmylk/sendMessage?chat_id=1467583453
Targets
-
-
Target
NEAS.e51cde73b2f4b0b897843235d5db557cbdcd41f3e5b4c2a4c31886b95e5301d4exe_JC.exe
-
Size
530KB
-
MD5
d5cf794b8931228454a9218eba67c8c6
-
SHA1
c58237c6e67e028bccaac59d4fb6791bf8ed646f
-
SHA256
e51cde73b2f4b0b897843235d5db557cbdcd41f3e5b4c2a4c31886b95e5301d4
-
SHA512
c876b50f51c473755275fbf2972f4748ba9192ff6d07bd099bf0c2766678e75a7c8e921d878e2601acd2b67cd4885bc30b7298d8896a78a595364f0eef7ff483
-
SSDEEP
12288:ob7s9TQ9WseH/0px4aPQqyYxe8Bxm78xlaGgci:c7s90EHu7t3xPiWyT
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-