General
- Target: 88ad296056a6be66969f1e5ce6694398944804a39d8465b42e0af73c5af12cb0.doc
- Size: 207KB
- Sample: 240423-tz5bhahg9v
- MD5: d90ae35b86323a7495fbd0f89b74ad08
- SHA1: a913d6148cbfb3a5be68a34052a4d1ab7d9de989
- SHA256: 88ad296056a6be66969f1e5ce6694398944804a39d8465b42e0af73c5af12cb0
- SHA512: 54e720b166c2a2e780c973d4da1b93403e098526cea1ac11a49ef8915eeea7c97faa905b233905d86adb2a0ec7e02ea412eb31608b5634bdd3685f9f183a9e94
- SSDEEP: 768:sfDwAbZSibMX9gRWjtwAbZSibMX9gRWjtwAbZSibMX9gRWjAFU+Gt8ygBa75ZtaM:OwAlRkwAlRkwAlRPU+G+Xa75ZcqT
Static task: static1
Behavioral task: behavioral1
- Sample: 88ad296056a6be66969f1e5ce6694398944804a39d8465b42e0af73c5af12cb0.rtf
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 88ad296056a6be66969f1e5ce6694398944804a39d8465b42e0af73c5af12cb0.rtf
- Resource: win10v2004-20240412-en
Malware Config
Extracted: snakekeylogger
- https://api.telegram.org/bot5611396317:AAGsgxx4hwlHZa8kVodTZpCQipWRFwFvBO0/sendMessage?chat_id=5237953097
Targets
Score: 10/10
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext