General
-
Target
NEAS.8f37fbe5ad7ab657d74837c722b3719561a8f6ad9153ac3e803a654d06041299exe_JC.exe
-
Size
432KB
-
Sample
231024-y4b8qshh3x
-
MD5
38c7d78e5d7cfad455053448c7861505
-
SHA1
f354edfb44d8c47bbdd20ec8b73da46175b4989b
-
SHA256
8f37fbe5ad7ab657d74837c722b3719561a8f6ad9153ac3e803a654d06041299
-
SHA512
29ec81a7086d6c4a0f86985a91337055126d1bac29a9f8acc800499742dbd1b1ff5a5e0bbc2e8768546f2a14e5a75faed378499b3e7e05cb5b6f05f10528bf7a
-
SSDEEP
12288:zD7gUinfOOazylCH8hTk5WukXBfYrOiqoe5:cfOOazy5CWukXBO
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.8f37fbe5ad7ab657d74837c722b3719561a8f6ad9153ac3e803a654d06041299exe_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.8f37fbe5ad7ab657d74837c722b3719561a8f6ad9153ac3e803a654d06041299exe_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6754900376:AAGYXoJTG6DIGlzBESgGpB5cShe07Imh7JY/sendMessage?chat_id=5007084465
Targets
-
-
Target
NEAS.8f37fbe5ad7ab657d74837c722b3719561a8f6ad9153ac3e803a654d06041299exe_JC.exe
-
Size
432KB
-
MD5
38c7d78e5d7cfad455053448c7861505
-
SHA1
f354edfb44d8c47bbdd20ec8b73da46175b4989b
-
SHA256
8f37fbe5ad7ab657d74837c722b3719561a8f6ad9153ac3e803a654d06041299
-
SHA512
29ec81a7086d6c4a0f86985a91337055126d1bac29a9f8acc800499742dbd1b1ff5a5e0bbc2e8768546f2a14e5a75faed378499b3e7e05cb5b6f05f10528bf7a
-
SSDEEP
12288:zD7gUinfOOazylCH8hTk5WukXBfYrOiqoe5:cfOOazy5CWukXBO
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-