General
Target: a7e406a5384a28f4ccc5a7267d32eefe.bin
Size: 297KB
Sample: 231025-ccad6sdc59
MD5: fa44eab2282b947e1fce4c9e5f4b2802
SHA1: 82bffb5e90bb6def734a633aa1f2c2550a69f666
SHA256: 37e40b4c3fe36c99c60e22367ead115a53971bd2366046806d2ff3f4366b2c70
SHA512: 0e04346b945c333d6402c2375db2f122b92f8af2583bf1ef23867593c6f471bdd249bbde66b0536218a767505bc8d8d7359ae57cc56873fca35f32a070434827
SSDEEP: 6144:uWsGIvrdLjyXORItbk4d1q5oNtfVIFEmJxXwc6kV7sTw:uWsGIpy+RItbvTqyVWFAc6k+8
Static task: static1
Behavioral task: behavioral1
  Sample: 7a11bbdedde47ea79c363c4a1c607d39deb591433c970c710d9310162037be4d.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: 7a11bbdedde47ea79c363c4a1c607d39deb591433c970c710d9310162037be4d.exe
  Resource: win10v2004-20231023-en
Malware Config
Extracted: snakekeylogger
C2: https://api.telegram.org/bot6374710888:AAEIfnNpPcl1WaTjVtUebQo-ASG58vFZQXQ/sendMessage?chat_id=5532763142
The extracted value is a Telegram Bot API sendMessage endpoint: the path segment after "bot" is the operator's bot token (the part before the colon is the bot's numeric id) and chat_id is the Telegram chat that receives the stolen data. Because api.telegram.org is a legitimate, widely used host, the token and chat_id are the actionable indicators; blocking the host alone is noisy and the values are only visible on the wire if TLS is inspected, so hunt for them in memory dumps and unpacked samples instead.
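The following is an added example (not part of the original report, and not the sandbox's own extractor) showing how to pull the Telegram C2 parameters above out of raw sample bytes. It scans both a plain byte view and UTF-16LE views of the input, since .NET-based stealers such as Snake Keylogger store string literals as UTF-16LE; the buffer SAMPLE_DUMP is a constructed stand-in for a memory dump that embeds the URL from this report in both encodings, and the function and constant names are this example's own.

```python
"""Extract Telegram Bot API C2 parameters (bot token, chat_id) from raw bytes."""
import re
from urllib.parse import parse_qs

# Telegram Bot API shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>?<query>
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)"
    r"(?:\?(?P<query>[A-Za-z0-9_=&%.-]+))?"
)

# Telegram chat ids are integers; group/channel ids are negative.
CHAT_ID_RE = re.compile(r"^-?\d+$")

# URL taken verbatim from the report's extracted config.
PAGE_C2 = ("https://api.telegram.org/bot6374710888:AAEIfnNpPcl1WaTjVtUebQo-ASG58vFZQXQ"
           "/sendMessage?chat_id=5532763142")

# Constructed stand-in for a memory dump / unpacked image: junk bytes, the URL as
# ASCII, more junk, then the same URL as UTF-16LE (how .NET stores string literals).
SAMPLE_DUMP = (
    b"\x00" * 16 + b"MZ" + b"\x90" * 30
    + PAGE_C2.encode("ascii") + b"\x00"
    + b"\xcc" * 7
    + PAGE_C2.encode("utf-16le") + b"\x00\x00"
    + b"\x00" * 16
)


def _candidate_texts(data: bytes):
    """Yield text views of the buffer in which an ASCII regex can match.

    latin-1 covers plain 8-bit strings; the two UTF-16LE views (even and odd
    byte alignment) cover wide strings wherever they happen to start.
    """
    yield data.decode("latin-1")
    yield data.decode("utf-16le", errors="ignore")
    yield data[1:].decode("utf-16le", errors="ignore")


def extract_telegram_c2(data: bytes) -> list:
    """Return one IoC record per distinct (token, method) found in the buffer."""
    found = {}
    for text in _candidate_texts(data):
        for m in TELEGRAM_BOT_RE.finditer(text):
            token = m.group("token")
            method = m.group("method")
            query = parse_qs(m.group("query") or "")
            chat_id = query.get("chat_id", [None])[0]
            if chat_id is not None and not CHAT_ID_RE.match(chat_id):
                chat_id = None  # malformed chat_id: keep the hit, drop the value
            found.setdefault((token, method), {
                "url": m.group(0),
                "bot_id": token.split(":", 1)[0],
                "token": token,
                "method": method,
                "chat_id": chat_id,
            })
    return list(found.values())


if __name__ == "__main__":
    for ioc in extract_telegram_c2(SAMPLE_DUMP):
        print(f"bot_id={ioc['bot_id']} method={ioc['method']} chat_id={ioc['chat_id']}")
        print(f"token={ioc['token']}")
```

Running the extractor on a real memory dump of this sample should yield the same token and chat_id the report lists; the bot_id can be reported to Telegram for takedown and the token/chat_id pair used as a hunting term across other dumps, which is a far more specific indicator than the api.telegram.org host.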
Targets
Target: 7a11bbdedde47ea79c363c4a1c607d39deb591433c970c710d9310162037be4d.exe
Size: 324KB
MD5: a7e406a5384a28f4ccc5a7267d32eefe
SHA1: db3a4ca66734359ba1e0b1d3bce800efc954c1ea
SHA256: 7a11bbdedde47ea79c363c4a1c607d39deb591433c970c710d9310162037be4d
SHA512: 3fd510cc50d3ff29c1a9a24127170ae4f541de648919127e1ad5d794f6601ee9372a5dd98694ca0502ead500dbc2647ea7a876a5d3ca3e1c95bd1f14fb26d2a9
SSDEEP: 6144:tRyDjxdpk5cGr90DqZDrUN9uy25EGFGMghhapd8b/fNMIpCO:tRyDtdpkOGrmDqlriKE9DrbZn
Note that the submitted file in the General section above is named after this MD5 but has a different size and different hashes: the two records describe different files, the submission and the executable analysed from it.
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles (stored mail account settings, a common source of credentials for this family)
- Adds Run key to start application (persistence through a Windows Run registry key; the exact key and value are not shown in this report)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP; the service is not named here, so treat the lookup as a behavioural signal rather than a blockable indicator.
- Suspicious use of SetThreadContext (commonly associated with process injection and hollowing; the report does not identify a target process)