General
-
Target
892885effadd96dae30af906c0e900706652b3b20e5547b9e4289f531d1a2c73.rar
-
Size
436KB
-
Sample
240711-b5ph5avakb
-
MD5
091c13e617638d0d7acfd5ff81594b6a
-
SHA1
7dc3d25ddfcbb478390e0f132825f93737143a13
-
SHA256
892885effadd96dae30af906c0e900706652b3b20e5547b9e4289f531d1a2c73
-
SHA512
d67a752edae3933420551cb8f91817b134ca71b341585c24b7912d151802b19ad719836e94143af0cd6878e84034f649fb7247c40040a1df9f9d9b1671fb77f1
-
SSDEEP
6144:Z2d4/41dDbqRK8rqr7hnRGCf8+MpVbLC0jJ6+Wgx8qNwU51mTRwTZz1PVeFV4fmv:wdIRKaqPh0xV0A/Ya7Yab+xOqj
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
SWIFT.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240709-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7377884885:AAGDE6_d9hXHQkXeQnXVnXZia5CIJu4gajM/sendMessage?chat_id=7161549085
Targets
-
-
Target
SWIFT.exe
-
Size
775KB
-
MD5
0d0f944239a7dd07826e28edf9647185
-
SHA1
3911f09935fb37f9f6cc3ff990e12e6143282d8a
-
SHA256
c58de5f40be8fd760fc08b1ef7ae5a3f5771dbc214426156e3a21a89bb8303fc
-
SHA512
e5077fa3179d7082587d606b8c8c6b5c0d74794225394522d92a06295e962a1cdb9868ac415720e3908222cc6c55312d24868be8d8ec2e52ef81243080fe5b7e
-
SSDEEP
12288:7akAv7gfFvt8pjs0p1cvxM/r9RKGqHmIdD+c:+kiext2Y0QMz9RKHHF9D
Score10/10-
Snake Keylogger payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
4d3b19a81bd51f8ce44b93643a4e3a99
-
SHA1
35f8b00e85577b014080df98bd2c378351d9b3e9
-
SHA256
fda0018ab182ac6025d2fc9a2efcce3745d1da21ce5141859f8286cf319a52ce
-
SHA512
b2ba9c961c0e1617f802990587a9000979ab5cc493ae2f8ca852eb43eeaf24916b0b29057dbff7d41a1797dfb2dce3db41990e8639b8f205771dbec3fd80f622
-
SSDEEP
192:BPtkumJX7zB22kGwfy0mtVgkCPOse1un:u702k5qpdseQn
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
3eb4cd50dcb9f5981f5408578cb7fb70
-
SHA1
13b38cc104ba6ee22dc4dfa6e480e36587f4bc71
-
SHA256
1c2f19e57dc72587aa00800a498c5f581b7d6761dc13b24bcf287ea7bd5ca2bf
-
SHA512
5a0c9d28df7a77e157046dce876282c48f434a441ee34e12b88f55be31be536eff676f580adbe4586da3f1519f94b5793ccbb3068b4b009eee286c0c5135d324
-
SSDEEP
96:+7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNv3e:QXhHR0aTQN4gRHdMqJVgNG
Score3/10 -