General
Target: 05072024_1449_04072024_發票.rar
Size: 603KB
Sample: 240705-r7f8jazgpj
MD5: 9d5bfecdb22d1febf79a940ad5648ad3
SHA1: da06173497e364de8e1f756e9c3a8bba1c11b20b
SHA256: 8486f181bab99eb0df17a9f85acb7425e2bea61850cac01b3938bea2d3e056dd
SHA512: 03285da7ae010bc53c08cfe8b378f14385cd40ac3c9a000ab36eb55b1b3520245b3dbf1534dc2482ed726dde0dd84ddda3a5afd6898cb6e9bbe30af693b28288
SSDEEP: 12288:YEPJkGX7TO54/1KnQkDtFfrAFzyn6BB7gH5Rjl7Am2dV7Bhg:zko7TOi/18rfsn7gZveV7BK
Behavioral task: behavioral1
Sample: 發票.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 發票.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot7369383080:AAHZ3-eOPNC8dmeokZayL5k2b8wsqK_6ziI/sendMessage?chat_id=6485182959
Targets
Target: 發票.exe
Size: 628KB
MD5: d6da9124c180ce53a244bdda9caa747a
SHA1: 422caac2a08e35d47c5990771a1744595a03737c
SHA256: 95c6bc7d559e0a52f10a6842b2e04bac219c168c99dec9993d8eaecfdae3aeb0
SHA512: c9937a342fcb5d355edff856447f69b6a7a16a0e60b0f673ecd8daee0dcbe02d50998db338d0463be9fa4c0cdd184464c6bca557037a48bf4b27af32bcd7872b
SSDEEP: 12288:qYV6MorX7qzuC3QHO9FQVHPF51jgczyELf3U4p2XAUAmvBJhDxrn:ZBXu9HGaVH1LPtp2kmvdVL
Score: 10/10
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext