General
Target: Ttwsg.exe
Size: 64KB
Sample: 231031-jensxahc8x
MD5: 92877b963c90599d222a3c851dbbdaa1
SHA1: c2c4de2c7c5681f3be5c2ddca7f5ff7330d76dfd
SHA256: 80b55aa26af1c8cb84556ced208b0338313aa010bbb544cbb6a87f023b77899b
SHA512: bd6b41b405cc333ceccd24fe68154216d1a8104639e5a1fe488f9436e2cd8a1e4900d81ef81364f0f8484d783608aef0632afee7d05677889f335d8dafcb0c2d
SSDEEP: 1536:lBWET/xqKbqqMaWFwRfi0BVIHrtokNgRxv4v:l7/vGii2VILtPaRxk
Static task: static1
Behavioral task: behavioral1
  Sample: Ttwsg.exe
  Resource: win7-20231025-en
Behavioral task: behavioral2
  Sample: Ttwsg.exe
  Resource: win10v2004-20231020-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot6491126749:AAEgYHjfebL8yDkuzneMucym5CaT8YIRGJE/sendMessage?chat_id=5262627523
Targets
Target: Ttwsg.exe
Size: 64KB
MD5: 92877b963c90599d222a3c851dbbdaa1
SHA1: c2c4de2c7c5681f3be5c2ddca7f5ff7330d76dfd
SHA256: 80b55aa26af1c8cb84556ced208b0338313aa010bbb544cbb6a87f023b77899b
SHA512: bd6b41b405cc333ceccd24fe68154216d1a8104639e5a1fe488f9436e2cd8a1e4900d81ef81364f0f8484d783608aef0632afee7d05677889f335d8dafcb0c2d
SSDEEP: 1536:lBWET/xqKbqqMaWFwRfi0BVIHrtokNgRxv4v:l7/vGii2VILtPaRxk
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext