General
-
Target
NEAS.83faafb87f3e0ba23d01e4d4bda9eabf50f9301673bf32640b8204e3fe249362.exe
-
Size
194KB
-
Sample
231111-nprprsfd85
-
MD5
a8926cfefd4e4f3ddc9d8720983a4672
-
SHA1
f964791303ce5fd8a51c8ca3eb9fdb9cbd259e74
-
SHA256
83faafb87f3e0ba23d01e4d4bda9eabf50f9301673bf32640b8204e3fe249362
-
SHA512
611f4f8a76c248c536c551e8936daffcab66e921cf9796d763c9bd620f6e15419db3280d2b0c23680b08ad4efa6b7262ac0b7fa6fb22a61e93fe5c1f929fc459
-
SSDEEP
1536:DM24LqnX0QsvKf4m/4qXlvZJJflJATUcC7T+T0tfHgVEbFM2FND64c+:D+vDmQqflSLCOuHIERMKND643
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.83faafb87f3e0ba23d01e4d4bda9eabf50f9301673bf32640b8204e3fe249362.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.83faafb87f3e0ba23d01e4d4bda9eabf50f9301673bf32640b8204e3fe249362.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6760797270:AAECTf5-db7M39Lx0qzBnaqnlAtUljrK5Pg/sendMessage?chat_id=5262627523
Targets
-
Target
NEAS.83faafb87f3e0ba23d01e4d4bda9eabf50f9301673bf32640b8204e3fe249362.exe
-
Snake Keylogger payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-