General
-
Target
NEAS.7995a7b70fd579b2d7562444301504e7fb8834fda0666b52386592d8e5ec13e4.exe
-
Size
1.2MB
-
Sample
231114-kbz77shf5z
-
MD5
a3340c23b9134ddf2e7522e25936899c
-
SHA1
5e12c6ebd3c9c075de080056353070017e68cacb
-
SHA256
7995a7b70fd579b2d7562444301504e7fb8834fda0666b52386592d8e5ec13e4
-
SHA512
a829f3a3c8210b922dc23940ce7f54e78f8a009635b6d8e7b4fba22d58809632fa36e764304642ca69035cc7f0d5b76266cc920c6777c38697e1d5064bcd6167
-
SSDEEP
12288:1PwdV/Ul5tP+EFx5wtI25qGDP/5lNKOLlCjpIdy1bY13Kj25PyYcZYXgDPW3dEd0:imlDWEFxIdP/5TH260CG25PZXbid11A
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.7995a7b70fd579b2d7562444301504e7fb8834fda0666b52386592d8e5ec13e4.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.7995a7b70fd579b2d7562444301504e7fb8834fda0666b52386592d8e5ec13e4.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6630888620:AAE93xtVx5O2Dxt-GABfyfFS0US096iv3q8/sendMessage?chat_id=1467583453
Targets
-
-
Target
NEAS.7995a7b70fd579b2d7562444301504e7fb8834fda0666b52386592d8e5ec13e4.exe
-
Size
1.2MB
-
MD5
a3340c23b9134ddf2e7522e25936899c
-
SHA1
5e12c6ebd3c9c075de080056353070017e68cacb
-
SHA256
7995a7b70fd579b2d7562444301504e7fb8834fda0666b52386592d8e5ec13e4
-
SHA512
a829f3a3c8210b922dc23940ce7f54e78f8a009635b6d8e7b4fba22d58809632fa36e764304642ca69035cc7f0d5b76266cc920c6777c38697e1d5064bcd6167
-
SSDEEP
12288:1PwdV/Ul5tP+EFx5wtI25qGDP/5lNKOLlCjpIdy1bY13Kj25PyYcZYXgDPW3dEd0:imlDWEFxIdP/5TH260CG25PZXbid11A
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-