General
-
Target
7e797b29a6fdfb1e47b67632516a1391
-
Size
746KB
-
Sample
240129-bg49nsega3
-
MD5
7e797b29a6fdfb1e47b67632516a1391
-
SHA1
57840f5c20f2451c5c640c19d36e1a5368d910aa
-
SHA256
9e5ef6b7154d9a5b4c2df4eacbaf71f8968e782a72ed49319d8c0406479390e8
-
SHA512
82cbcb00c07d55b460859fdda14130c16d9914c70ba2a7dfb136f63a6b746d8c20fc8355cd26052c7ed899b0bdb178f1d7cc36e9aa7cddde1d14844146c256e3
-
SSDEEP
12288:/1Wl8TpCMxskWv62fGPfL8jKzQZzAQKiOiqWXGh:/AGn0yNYjKzQKQKdiH2h
Static task
static1
Behavioral task
behavioral1
Sample
7e797b29a6fdfb1e47b67632516a1391.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7e797b29a6fdfb1e47b67632516a1391.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.sayimkalip.com - Port:
587 - Username:
[email protected] - Password:
3edcvfr4** - Email To:
[email protected]
https://api.telegram.org/bot1483662500:AAGrMuxJV05-It-ke-xXVV6-R6IAtETpJb0/sendMessage?chat_id=1300181783
Targets
-
-
Target
7e797b29a6fdfb1e47b67632516a1391
-
Size
746KB
-
MD5
7e797b29a6fdfb1e47b67632516a1391
-
SHA1
57840f5c20f2451c5c640c19d36e1a5368d910aa
-
SHA256
9e5ef6b7154d9a5b4c2df4eacbaf71f8968e782a72ed49319d8c0406479390e8
-
SHA512
82cbcb00c07d55b460859fdda14130c16d9914c70ba2a7dfb136f63a6b746d8c20fc8355cd26052c7ed899b0bdb178f1d7cc36e9aa7cddde1d14844146c256e3
-
SSDEEP
12288:/1Wl8TpCMxskWv62fGPfL8jKzQZzAQKiOiqWXGh:/AGn0yNYjKzQKQKdiH2h
Score10/10-
Snake Keylogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-