General
-
Target
NEAS.98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86.exe
-
Size
332KB
-
Sample
231114-jpbakahf67
-
MD5
b5fbcda9d5577a1348fd66393e834c38
-
SHA1
de3a6bbabc63574238cdc3f78058fa752da31da0
-
SHA256
98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86
-
SHA512
bdd64acc3de80f6ca506639a989ca0dc5947e856913a7937ffd71726fed07f633c005ae70a3b53dc735d432ae78b67888870afa53e06e191c7f749fbf3ee8a53
-
SSDEEP
6144:JEasJm3yZ1bHuuywQ7sUeFb2KnZFsTxvULZYE2Odtyqd72fBQD:JEyHutZFG0YrOiqoW
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp
Host: mail.noscoegypt.com
Port: 465
Username: [email protected]
Password: j3w[Ok%-wW,@
Email To:
URL: mail.noscoegypt.com
https://api.telegram.org/bot6812788177:AAGkIGRh-hqEtxCxIbq-Dbm2V68_RxIRo8c/sendMessage?chat_id=5007084465
Targets
-
-
Target
NEAS.98c19753dbee8352bb450feb4d842079a04b17456e21761e713b9d481b00ac86.exe
-
Score
10/10
-
Snake Keylogger payload
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-