General
Target: a31e2e7b5009a5499d3a900c54cff18b.bin
Size: 443KB
Sample: 231109-cvk9dsgd28
MD5: a8868f3d01725c40e95a0780b9a278b4
SHA1: a909b8b6cd2d52cd85bea0630966ddb3ccaea481
SHA256: 00edfcc6fdbc3956ec4b546fbe6121db836bc65a75be755d335d08f7d20a5050
SHA512: e3f38946b68f319f3a3da0244c43f0599694e0e0576a92e4597934087f82398d2c361084244964e76585958512855ea515191fbc9c387667d4550af616ac5c78
SSDEEP: 6144:iGQ1XxCiCC12SR4l6xpMe2IUnwP/pXfuc2id1Pd6dQN5+0iCEll6FA0JgqfjJvjE:7Q1XxCi3e6xeetIw5GqXu+4nqK0uuj6t
Static task: static1
Behavioral task: behavioral1
Sample: ae07170344ef7f113a32b575a40dbca7dfc7e770f3109df6e5b00e3686268652.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: ae07170344ef7f113a32b575a40dbca7dfc7e770f3109df6e5b00e3686268652.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.yandex.com
Port: 587
Username: [email protected]
Password: chijiokejackson121
URL: https://api.telegram.org/bot5206100572:AAFn3MxBuN0bjQhfY8y1ed9Iwi79LyIe75I/sendMessage?chat_id=2135869667
Targets
Target: ae07170344ef7f113a32b575a40dbca7dfc7e770f3109df6e5b00e3686268652.exe
Size: 1.1MB
MD5: a31e2e7b5009a5499d3a900c54cff18b
SHA1: 744e5d9c697d92ca0b47e1ac83dc1e448f5ac55a
SHA256: ae07170344ef7f113a32b575a40dbca7dfc7e770f3109df6e5b00e3686268652
SHA512: d62253eea81be81b1cb0e4497d51cc0eafc7497f07b1808412789490dbf01b985abd31074511cbf60b4fd2c7745a817e500b6a41feedff97493343bf900177f9
SSDEEP: 24576:0Ff87va09lK4kB/YAuseX7KvO1YAuJMi+sPV3GykDfMNVzCOgKIQtKoColK5dwd5:gOiKpAuserKvpAuJMi+sPV3GykDfMNVb
Score: 10/10
- Snake Keylogger payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext