General
-
Target
ERPReportUtils.exe
-
Size
1.1MB
-
Sample
231107-wqv3ksee23
-
MD5
a31e2e7b5009a5499d3a900c54cff18b
-
SHA1
744e5d9c697d92ca0b47e1ac83dc1e448f5ac55a
-
SHA256
ae07170344ef7f113a32b575a40dbca7dfc7e770f3109df6e5b00e3686268652
-
SHA512
d62253eea81be81b1cb0e4497d51cc0eafc7497f07b1808412789490dbf01b985abd31074511cbf60b4fd2c7745a817e500b6a41feedff97493343bf900177f9
-
SSDEEP
24576:0Ff87va09lK4kB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5dwd5:gOiKpAuserKvpAuJMi+sPV3GykDfMNVb
Static task
static1
Behavioral task
behavioral1
Sample
ERPReportUtils.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
ERPReportUtils.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.yandex.com - Port:
587 - Username:
[email protected] - Password:
chijiokejackson121
https://api.telegram.org/bot5206100572:AAFn3MxBuN0bjQhfY8y1ed9Iwi79LyIe75I/sendMessage?chat_id=2135869667
Targets
-
-
Target
ERPReportUtils.exe
-
Size
1.1MB
-
MD5
a31e2e7b5009a5499d3a900c54cff18b
-
SHA1
744e5d9c697d92ca0b47e1ac83dc1e448f5ac55a
-
SHA256
ae07170344ef7f113a32b575a40dbca7dfc7e770f3109df6e5b00e3686268652
-
SHA512
d62253eea81be81b1cb0e4497d51cc0eafc7497f07b1808412789490dbf01b985abd31074511cbf60b4fd2c7745a817e500b6a41feedff97493343bf900177f9
-
SSDEEP
24576:0Ff87va09lK4kB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5dwd5:gOiKpAuserKvpAuJMi+sPV3GykDfMNVb
Score10/10-
Snake Keylogger payload
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-