General
-
Target
0efb9fa85f31cf712388fcc55484bb96.bin
-
Size
442KB
-
Sample
231105-blybxsba98
-
MD5
1fa7a2b13b9443413460c37f181bc056
-
SHA1
d1fa55559dacccefd0c616e2b20282e0bc443327
-
SHA256
7da0211e8bb476966bbdbf415ed25bfb1050bb04d865446aa9be532773b15fd8
-
SHA512
00eca103e5d1a25781c29375222c5a3716b93c725e04e26b1accc93dac2ea3cdd60a80d643b8a0572a30df534bb0600e62be64b3665f21b9f496af59dc60504a
-
SSDEEP
12288:ThjGEcKRQvCDQbs4bjxbhiKDqR4eZBH7Ivo5URKog:TByKRQ1bH7pDqXZBbIvo2RRg
Static task
static1
Behavioral task
behavioral1
Sample
e54a0d1fb979d19bf7cbf681df38b284bb5b1b9a5848e220bda941e0417bc7fc.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
e54a0d1fb979d19bf7cbf681df38b284bb5b1b9a5848e220bda941e0417bc7fc.exe
Resource
win10v2004-20231025-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6708141821:AAEG0Dpkj7hEuj6EHpRMMDr5JQOvFGtpnRQ/sendMessage?chat_id=5986156290
Targets
-
-
Target
e54a0d1fb979d19bf7cbf681df38b284bb5b1b9a5848e220bda941e0417bc7fc.exe
-
Size
1.1MB
-
MD5
0efb9fa85f31cf712388fcc55484bb96
-
SHA1
e7f209e7b91a6429c0d2ee24a869751d201f4e65
-
SHA256
e54a0d1fb979d19bf7cbf681df38b284bb5b1b9a5848e220bda941e0417bc7fc
-
SHA512
d34890aa9267c0d57bc46e33107e8626f6bb08e48966b7b742e402e597716025691dfc15c5cbdece980b29c974b89440cb9af13792214fc744cb7585550cb96a
-
SSDEEP
24576:UZfxjLZisWPsuLkB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5da:0xjIPsMpAuserKvpAuJMi+sPV3GykDf0
Score10/10-
Snake Keylogger payload
-
Disables Task Manager via registry modification
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-