General
-
Target
41bce404371579a1e6db304042d2e72e.bin
-
Size
25KB
-
Sample
231108-b4zmpsda93
-
MD5
b4d43c802e6c8b152be666dd2f4455bf
-
SHA1
241edbc93e25b60455a4704a28fc132a34c47bfe
-
SHA256
99863c2b4f9560c1dfd5430f9862d225b28b84a3a8caa58d5013d2a6514ec2b0
-
SHA512
34abe77215c34201028d54b9a9a392a386df37145db2dc5ba2bb3628f4b18ea71cfd0ec881f8c31adecc5d30a7fe88be144c22d1806371020f2a979224ce86c4
-
SSDEEP
384:ZASXH4D3xOQjBpw7UfxO07OSoGikZQCaD+zRk2AkCL1npnAwd0qTaw0Rg8zkxG9b:OSXH4LX1f4u5iOD7RatppTyg8zk+nhUq
Static task
static1
Behavioral task
behavioral1
Sample
ebb6fad910c99d151b30733b624e8f7e555eb7de7caaa66d65b9e7114c433f56.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
ebb6fad910c99d151b30733b624e8f7e555eb7de7caaa66d65b9e7114c433f56.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6350529534:AAEbFW9VBWTKQfN1Y3K_5RJARCtOn1UqK8o/sendMessage?chat_id=1467583453
Targets
-
-
Target
ebb6fad910c99d151b30733b624e8f7e555eb7de7caaa66d65b9e7114c433f56.exe
-
Size
44KB
-
MD5
41bce404371579a1e6db304042d2e72e
-
SHA1
55378787edb8d473893099cc206fd5554213caa9
-
SHA256
ebb6fad910c99d151b30733b624e8f7e555eb7de7caaa66d65b9e7114c433f56
-
SHA512
66e5e32da35d76208dac11bbfa8a232ab1d77f1d08ad377bbe04a33de395ff82248a82dc8f51df9d029ad461ebdb23300d0b549f2bf6149c1ff0b64cfb99af9c
-
SSDEEP
768:DbynQEfPx5vJYrEXURJ5fTpSgKS08c9YDveruxPhreB3SUFjIHEIx:3ix7cEWZpSgKnUDGA6BZFmfx
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-