General

Target: OZJa.exe
Size: 458KB
Sample: 231120-ve4d5shb86
MD5: f764395a696a4dd4b3a010d6bc8208ea
SHA1: 22c55366e50f18902f2a4c3a6237b6fa42b1a744
SHA256: a1d7f17262e1ea8bcc8e1095b93d4203b9007cda54e752205b9358c01cf1c0ed
SHA512: 2517f0c0d237ec5e9d83254f3980bd7ee17955dbb4027c459e3b4a6c635139bf6ef93ba22bb3c979d76e3008b469a4babf2c419037f1e0f55647723caa912f45
SSDEEP: 12288:VvCeU1SvZ951WVDFRWFpNRo5e3g7DvV44r96+tGB:VqeU14/OVfWFpHo5N7Dvm4r/tG
Static task
static1

Behavioral task
behavioral1
Sample: OZJa.exe
Resource: win7-20231025-en

Behavioral task
behavioral2
Sample: OZJa.exe
Resource: win10v2004-20231020-en
Malware Config

Extracted
Family: snakekeylogger
C2 (Telegram Bot API exfiltration endpoint): https://api.telegram.org/bot6735527834:AAH3PffzMarE3Ys8tyS4SQ0IBXrHFKmsmnQ/sendMessage?chat_id=6692536703

The path segment after /bot is the operator's bot token (numeric bot id, a colon, then the secret) and chat_id is the destination chat for stolen data; both are indicators for this sample. Anyone holding the token can call the Bot API as that bot, so treat it as a secret when the report is shared.
Targets

Target: OZJa.exe
Size: 458KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above (same file).
Score: 10/10

Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles (registry-stored Outlook account settings, a common source of saved mail credentials)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (the API commonly used, after starting a process suspended and writing into it, to point its main thread at injected code; an indicator of process hollowing or similar injection)
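The two network behaviours the report records, the Telegram Bot API exfiltration URL in the extracted config and the external-IP lookup signature, can be turned into a small triage check. The following is an added example, not part of the sandbox report or of any vendor tooling: it parses the extracted C2 URL into bot id, secret and chat_id, and scans constructed proxy-style log lines for both behaviours. The list of IP lookup hosts is an assumption (commonly abused services), not something the report names, and the log lines are constructed here, not captured from the sandbox.

```python
"""Triage helper for the extracted Snake Keylogger config above.

Added example, not part of the sandbox report or of any vendor tooling.
"""
import re
from urllib.parse import parse_qs, urlsplit

# The C2 URL exactly as the sandbox extracted it (taken from the report).
EXTRACTED_C2 = ("https://api.telegram.org/bot6735527834:"
                "AAH3PffzMarE3Ys8tyS4SQ0IBXrHFKmsmnQ/sendMessage?chat_id=6692536703")

# Telegram bot tokens are "<numeric bot id>:<secret>". The secret alphabet
# and minimum length below are assumptions based on observed tokens.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$")

# Assumed list of common external-IP lookup services; not from the report.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com",
                   "icanhazip.com", "ipinfo.io"}


def parse_telegram_c2(url):
    """Return bot id, secret, token, method and chat_id for a Telegram Bot
    API URL, or None if the URL is not one."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(parts.path)
    if not m:
        return None
    qs = parse_qs(parts.query)
    return {
        "bot_id": m.group("bot_id"),
        "secret": m.group("secret"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
        "chat_id": qs.get("chat_id", [None])[0],
    }


def classify_url(url):
    """Tag a URL with the report behaviours it matches (possibly none)."""
    tags = []
    host = (urlsplit(url).hostname or "").lower()
    if parse_telegram_c2(url):
        tags.append("telegram-bot-exfil")
    if host in IP_LOOKUP_HOSTS:
        tags.append("external-ip-lookup")
    return tags


def triage_log(lines):
    """Scan proxy-style log lines ("<timestamp> <pid> <url>") and return one
    finding per line that matches a behaviour, in log order."""
    findings = []
    for line in lines:
        fields = line.split(maxsplit=2)
        if len(fields) != 3:
            continue  # skip malformed lines instead of failing the scan
        ts, pid, url = fields
        tags = classify_url(url)
        if tags:
            findings.append({"ts": ts, "pid": pid, "url": url, "tags": tags})
    return findings


# Constructed sample log lines (not captured from the sandbox). The third
# reuses the C2 URL the sandbox extracted so the detection fires on it.
SAMPLE_LOG = [
    "2023-11-20T14:01:02Z 1234 https://www.microsoft.com/",
    "2023-11-20T14:01:05Z 1234 http://checkip.dyndns.org/",
    "2023-11-20T14:01:09Z 1234 " + EXTRACTED_C2,
]

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding["ts"], finding["pid"], finding["tags"], finding["url"])
    print(parse_telegram_c2(EXTRACTED_C2))
```

The IP-lookup hit on its own is weak evidence (plenty of legitimate software does it); the useful signal is the same process doing an IP lookup shortly before posting to a Telegram bot, which is why the findings keep the pid and timestamp.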