General

Target: c6643f3a42c75b2c3b774c9f07bafa978b8ac79a4620a380067a3b4fab7b85a4
Size: 19KB
Sample: 231030-rvavzsfd52
MD5: ede6f9a445bb4ecd8a30f0b4dd419c0b
SHA1: 063c1ff595e85dc8de8a6a6859647c0797a33036
SHA256: c6643f3a42c75b2c3b774c9f07bafa978b8ac79a4620a380067a3b4fab7b85a4
SHA512: fa8162138871c7735ca7b5d7e8656a167e291c265ec27ac1591416a349dcc8512e80e5bbdf2168dd7b7aa15ae5abbf4bb8f1cb66e36ae1aec371c455062db103
SSDEEP: 384:cGmaISe4G4b7Q6H0OJ7O4lIT8Y04sf2wCmT5yxCa9DYzD1hFpz:cGfxe4G4b7Q6UOJa4Rp4YOCWPYzD1Vz
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: Mybxbutrghm.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: Mybxbutrghm.exe
  Resource: win10v2004-20231023-en
Malware Config

Extracted family: snakekeylogger
Extracted C2 (Telegram bot API exfiltration URL): https://api.telegram.org/bot6491126749:AAEgYHjfebL8yDkuzneMucym5CaT8YIRGJE/sendMessage?chat_id=5262627523
Targets

Target: Mybxbutrghm.exe
Size: 36KB
MD5: e3943355389d2af1de3dea068e7ca43e
SHA1: da4c486cdc0f0329f2e2969d9df698b91599d88c
SHA256: 07f7c6e2ca27e05f3e3924f8b32cf92de6493ec4b7657beddc3243d7ae49cca5
SHA512: 6cfb9713e4227189cf6401143b2f107bf40ccae5e227cb2e460fa82007297c510eaff72e6b7b599d762672d9146587770c2aeebfba80eba488c9167d29d61e7e
SSDEEP: 768:RZOZ3fnxNzV5j1DLas3RqtGx+roLYP+k5:RZifXjj1DLasBC+k5

Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext