General
Target: NEAS.7a11bbdedde47ea79c363c4a1c607d39deb591433c970c710d9310162037be4dexe_JC.exe
Size: 324KB
Sample: 231024-yw2hnagh54
MD5: a7e406a5384a28f4ccc5a7267d32eefe
SHA1: db3a4ca66734359ba1e0b1d3bce800efc954c1ea
SHA256: 7a11bbdedde47ea79c363c4a1c607d39deb591433c970c710d9310162037be4d
SHA512: 3fd510cc50d3ff29c1a9a24127170ae4f541de648919127e1ad5d794f6601ee9372a5dd98694ca0502ead500dbc2647ea7a876a5d3ca3e1c95bd1f14fb26d2a9
SSDEEP: 6144:tRyDjxdpk5cGr90DqZDrUN9uy25EGFGMghhapd8b/fNMIpCO:tRyDtdpkOGrmDqlriKE9DrbZn
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.7a11bbdedde47ea79c363c4a1c607d39deb591433c970c710d9310162037be4dexe_JC.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.7a11bbdedde47ea79c363c4a1c607d39deb591433c970c710d9310162037be4dexe_JC.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6374710888:AAEIfnNpPcl1WaTjVtUebQo-ASG58vFZQXQ/sendMessage?chat_id=5532763142
Targets
Target
NEAS.7a11bbdedde47ea79c363c4a1c607d39deb591433c970c710d9310162037be4dexe_JC.exe
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext