General
-
Target
SU RECEIPTS.exe
-
Size
45KB
-
Sample
231108-jttmpsfh6w
-
MD5
8c1ecfec742a15ecea1270341f6fc233
-
SHA1
cad6e89bb9a46723d5c065118d84f8fa2d733b5b
-
SHA256
1a6df26ab226cce53ed57cf4d4a46afcacfed48d181ecf3cefc1547a86fa514e
-
SHA512
1cea0261f65f4faf58b9f6c06942f39eb898b0fc2a31719de3aa6be7842170d1cd69efc0c66d9406e076b38923e4d065a2afa50e1943f60ea9af5ad5a1800f74
-
SSDEEP
768:uyJEWTx+/DsoQpYZluRhLLZKT+LQEPKfrs4nMWp/YI4XuMI/t6nOa6Tyo:dnpBX7LQnjsL9o1t6Oa/o
Static task
static1
Behavioral task
behavioral1
Sample
SU RECEIPTS.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
SU RECEIPTS.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6665362842:AAG0pFaR7HRKKztCR5GZinjteZ-4ePeXCWM/sendMessage?chat_id=1467583453
Targets
-
-
Target
SU RECEIPTS.exe
-
Size
45KB
-
MD5
8c1ecfec742a15ecea1270341f6fc233
-
SHA1
cad6e89bb9a46723d5c065118d84f8fa2d733b5b
-
SHA256
1a6df26ab226cce53ed57cf4d4a46afcacfed48d181ecf3cefc1547a86fa514e
-
SHA512
1cea0261f65f4faf58b9f6c06942f39eb898b0fc2a31719de3aa6be7842170d1cd69efc0c66d9406e076b38923e4d065a2afa50e1943f60ea9af5ad5a1800f74
-
SSDEEP
768:uyJEWTx+/DsoQpYZluRhLLZKT+LQEPKfrs4nMWp/YI4XuMI/t6nOa6Tyo:dnpBX7LQnjsL9o1t6Oa/o
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-