General
-
Target
7a73df82b37bc1ef12e62d30b3164ea6
-
Size
400KB
-
Sample
240127-rf92jadgb6
-
MD5
7a73df82b37bc1ef12e62d30b3164ea6
-
SHA1
016fce0697a0b097d1bf12995b37d7afe3433fd2
-
SHA256
d480fd41cd9a62bfe2581d4f2a305cc432ffa28da059decf159d53b1874057fc
-
SHA512
4225a28740371579bf5597b476598615c0f2381555ada9f90feb7c66e0a287f708eef2a46eff92303ef9b2e5f06597481dba4a98460d6be3f4cc7ff90b76f5cf
-
SSDEEP
6144:Dxkfjwq/nHwm80S7zIDxm9i9R3JbN2Gz5T6xEFaHTdBh6ZLIfBu/y6+QgCHl202j:D8jDvIJoTq6aHTdBh6ZLIfItMCF5Rlc
Static task
static1
Behavioral task
behavioral1
Sample
7a73df82b37bc1ef12e62d30b3164ea6.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7a73df82b37bc1ef12e62d30b3164ea6.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot1817928218:AAFcWGpfMsSiXXvCAylg0FnRVFlCr_5edUc/sendMessage?chat_id=1293496579
Targets
-
-
Target
7a73df82b37bc1ef12e62d30b3164ea6
-
Size
400KB
-
MD5
7a73df82b37bc1ef12e62d30b3164ea6
-
SHA1
016fce0697a0b097d1bf12995b37d7afe3433fd2
-
SHA256
d480fd41cd9a62bfe2581d4f2a305cc432ffa28da059decf159d53b1874057fc
-
SHA512
4225a28740371579bf5597b476598615c0f2381555ada9f90feb7c66e0a287f708eef2a46eff92303ef9b2e5f06597481dba4a98460d6be3f4cc7ff90b76f5cf
-
SSDEEP
6144:Dxkfjwq/nHwm80S7zIDxm9i9R3JbN2Gz5T6xEFaHTdBh6ZLIfBu/y6+QgCHl202j:D8jDvIJoTq6aHTdBh6ZLIfItMCF5Rlc
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-