General
-
Target
Цитата.rar
-
Size
605KB
-
Sample
240706-lls3bavajq
-
MD5
4761ff92cdb2bfe2f892737b52f63945
-
SHA1
d6d89531ec7dcfab294a6d927e1745323d52cfc4
-
SHA256
d31aea09fb106192bdf53cac554afe64e8c605edf6da5fcb9fe1fec225ab44b5
-
SHA512
c66ec28815457dd21adca6587d2a47dc5775a8fcd0af14370252f86deda4a79e8040fac640c1f72634b22f5783d4070f92f4543246b224afb530403480aa0f41
-
SSDEEP
12288:2XPJq7+i54DLV44OQdydUxP6qZnfnpnDlYJLyMQcdc:2Bq7+iiD5lOQd3oQfBELydmc
Behavioral task
behavioral1
Sample
Цитата.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Цитата.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
out.exe
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
out.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7369383080:AAHZ3-eOPNC8dmeokZayL5k2b8wsqK_6ziI/sendMessage?chat_id=6485182959
Targets
-
Target
Цитата.exe
-
Size
630KB
-
MD5
8305c265914ce059abaaa2052f8f92eb
-
SHA1
058685c06b39d568c8ac14834605e2b322c6b5d1
-
SHA256
943d1c268a4801187c975474c8e50695e1ba90149cd76daefdc8db9fae9e908c
-
SHA512
0df7a5591a1964a56b9060bf2a3cbccbd37f29a163f1659af0d32de7953c46d3977560b370f0f7b37632679e1af5760ddf9036891e2405291ea9db33d0067ba3
-
SSDEEP
12288:NYV6MorX7qzuC3QHO9FQVHPF51jgczxEv0x/w3hD9dVLUD2z5bV:iBXu9HGaVHUE/ghJdSaVbV
Score: 10/10
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
Target
out.upx
-
Size
1.1MB
-
MD5
2154c9c4d4720114cfc8ce69fe69d090
-
SHA1
b5f166660e10cce4391bc7705ebb9ea8feae77b9
-
SHA256
5b4b67a69a84f5191785d13abd2882ed8358f6b67cb3129d53803f9af1e633d3
-
SHA512
814fe6799e1b1281ef5a470316d7f011621ad68952f1446591ff86079da9276e0e86d09161a4c41c22a66f5ed13fa0e170504fa8d9321c0550c708530c0a7320
-
SSDEEP
24576:eAHnh+eWsN3skA4RV1Hom2KXDmnE/ghJdSaVbV:Jh+ZkldoPKz1Y5/Vb
Score: 1/10