General
-
Target
NEAS.0477755f4c245b988aa85d1f9375836a72953d6172a7a82f917bbf9e59dd7294exe_JC.exe
-
Size
432KB
-
Sample
231024-x3twqagc36
-
MD5
b14e49dd5671ae89f3624ad7561731af
-
SHA1
b2aa05a7ad52059560755fa04439413afe184ca3
-
SHA256
0477755f4c245b988aa85d1f9375836a72953d6172a7a82f917bbf9e59dd7294
-
SHA512
b803330db90b127e178abf83227ddf8f59e00d4929c686f33f6ab9be1806fb15cbca47ff3f058f20fc3d8b0afe2ddefb0b9cdcc502d22a91d2957449774d38ee
-
SSDEEP
12288:yD7gUiVHOazGypq9Q/NGbEP2a6JYrOiqot:nHOazTNYEz6c
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.0477755f4c245b988aa85d1f9375836a72953d6172a7a82f917bbf9e59dd7294exe_JC.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.0477755f4c245b988aa85d1f9375836a72953d6172a7a82f917bbf9e59dd7294exe_JC.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6243209595:AAGECSmdSqJiVZcdFoBvotoaKcKT9Lz5Gvw/sendMessage?chat_id=1070926352
Targets
-
-
Target
NEAS.0477755f4c245b988aa85d1f9375836a72953d6172a7a82f917bbf9e59dd7294exe_JC.exe
-
Size
432KB
-
MD5
b14e49dd5671ae89f3624ad7561731af
-
SHA1
b2aa05a7ad52059560755fa04439413afe184ca3
-
SHA256
0477755f4c245b988aa85d1f9375836a72953d6172a7a82f917bbf9e59dd7294
-
SHA512
b803330db90b127e178abf83227ddf8f59e00d4929c686f33f6ab9be1806fb15cbca47ff3f058f20fc3d8b0afe2ddefb0b9cdcc502d22a91d2957449774d38ee
-
SSDEEP
12288:yD7gUiVHOazGypq9Q/NGbEP2a6JYrOiqot:nHOazTNYEz6c
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-