General
-
Target
KFQH Blank Booking Form.bat.exe
-
Size
1.1MB
-
Sample
231103-tpmnpsgg53
-
MD5
0efb9fa85f31cf712388fcc55484bb96
-
SHA1
e7f209e7b91a6429c0d2ee24a869751d201f4e65
-
SHA256
e54a0d1fb979d19bf7cbf681df38b284bb5b1b9a5848e220bda941e0417bc7fc
-
SHA512
d34890aa9267c0d57bc46e33107e8626f6bb08e48966b7b742e402e597716025691dfc15c5cbdece980b29c974b89440cb9af13792214fc744cb7585550cb96a
-
SSDEEP
24576:UZfxjLZisWPsuLkB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5da:0xjIPsMpAuserKvpAuJMi+sPV3GykDf0
Static task
static1
Behavioral task
behavioral1
Sample
KFQH Blank Booking Form.bat.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
KFQH Blank Booking Form.bat.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6708141821:AAEG0Dpkj7hEuj6EHpRMMDr5JQOvFGtpnRQ/sendMessage?chat_id=5986156290
Targets
-
-
Target
KFQH Blank Booking Form.bat.exe
-
Size
1.1MB
-
MD5
0efb9fa85f31cf712388fcc55484bb96
-
SHA1
e7f209e7b91a6429c0d2ee24a869751d201f4e65
-
SHA256
e54a0d1fb979d19bf7cbf681df38b284bb5b1b9a5848e220bda941e0417bc7fc
-
SHA512
d34890aa9267c0d57bc46e33107e8626f6bb08e48966b7b742e402e597716025691dfc15c5cbdece980b29c974b89440cb9af13792214fc744cb7585550cb96a
-
SSDEEP
24576:UZfxjLZisWPsuLkB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5da:0xjIPsMpAuserKvpAuJMi+sPV3GykDf0
Score10/10-
Snake Keylogger payload
-
Loads dropped DLL
-