General
-
Target
Pcnqrjifee.exe
-
Size
174KB
-
Sample
231108-pnwsrsce47
-
MD5
f1de5b4304d2e4bd2f0ceb1eec386cf6
-
SHA1
64bbcbfa304ea0b448e8e0491071c731e3afef90
-
SHA256
ffb3e100fc9496efcd741c1938b4bd1218601ca189bd7507cc2543e022d6c1da
-
SHA512
73bce5106f87139def09c14ef82e3f07e653ceddf5b0d6430d2af24f678c03bcf1b27b81b37c5c1f77ff5488e2930795a2aed240e9020c2938ee9d5eee0d7c87
-
SSDEEP
3072:98xlpX3W5ObFn1R32Ucyyv/HERzBRdED9SaP29htKudG4M:glpX7jJ2xfEJBRdED9JQtJ
Static task
static1
Behavioral task
behavioral1
Sample
Pcnqrjifee.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Pcnqrjifee.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6760797270:AAECTf5-db7M39Lx0qzBnaqnlAtUljrK5Pg/sendMessage?chat_id=5262627523
Targets
-
-
Target
Pcnqrjifee.exe
-
Size
174KB
-
MD5
f1de5b4304d2e4bd2f0ceb1eec386cf6
-
SHA1
64bbcbfa304ea0b448e8e0491071c731e3afef90
-
SHA256
ffb3e100fc9496efcd741c1938b4bd1218601ca189bd7507cc2543e022d6c1da
-
SHA512
73bce5106f87139def09c14ef82e3f07e653ceddf5b0d6430d2af24f678c03bcf1b27b81b37c5c1f77ff5488e2930795a2aed240e9020c2938ee9d5eee0d7c87
-
SSDEEP
3072:98xlpX3W5ObFn1R32Ucyyv/HERzBRdED9SaP29htKudG4M:glpX7jJ2xfEJBRdED9JQtJ
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-