General
Target: 11072024_0739_10072024_PO#012637210.rar
Size: 514KB
Sample: 240711-jgzm7awcqr
MD5: 35000fcc2d03f9f0b285658840c38fc0
SHA1: 8d6d52bd9f5e346e6de393acfae59c425f65781d
SHA256: 913f859cd5399a0e54329a964389ecd5ca297591e7320382f318a0f5799f4092
SHA512: 11ec21cf5d627827f4d335aafe5f1c5a359164d39d04f124acd7c6049312d786968130cdded7ececc7bc2c9f78adc0a20a5a343736901960fe9dacf1678977d7
SSDEEP: 12288:SnYK6RmpXqK9iYi9+Nw4ExtmzSR+PFR6+8JR6ETd:IY+aK9iJ0NQx8zSEPqZJQER
Static task: static1
Behavioral task: behavioral1
  Sample: PO#012637210.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: PO#012637210.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted family: snakekeylogger
Exfiltration endpoint (Telegram Bot API sendMessage, bot token and chat_id embedded in the URL): https://api.telegram.org/bot6756118950:AAGfdfhshYm8ER28iBEbbJy5ae-eVJaOJUM/sendMessage?chat_id=6278563907
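The extracted config above is the whole exfiltration channel: the Telegram Bot API puts the bot token into the URL path and the destination chat into the query string, so a single proxy or sandbox URL is enough to identify the operator's bot and to hunt for other infected hosts talking to it. The following is an added example, not part of the sandbox report and not Snake Keylogger's own code. It parses a Bot API URL into bot id, method and chat_id (truncating the secret so the result can be pasted into a ticket) and runs that parser over a constructed proxy log. The log format, client addresses, the placeholder token "1234567890:AAExampleSecretPartOfTheTokenXYZ", the chat_id 111222333 and the api.ipify.org lookup line are all assumptions made for the example; run `parse_telegram_exfil` on the URL from the extracted config to get the real bot id and chat_id.

```python
"""
Parse and hunt for Telegram Bot API exfiltration URLs of the kind Snake Keylogger uses
(api.telegram.org/bot<token>/sendMessage?chat_id=...). Added example; not the report's
or the malware's own code.
"""
import re
from urllib.parse import parse_qs, urlsplit

# A bot token is "<numeric bot id>:<secret>". The Bot API places it directly in the
# URL path, so any log that records full URLs both leaks it and identifies the bot.
TELEGRAM_BOT_API = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>\w+)"
)

# Bot API methods a stealer calls to push data out; getMe & co. are not exfil.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_exfil(url: str):
    """Return bot id, truncated token, API method and chat_id for a Bot API URL, else None.

    The secret half of the token is cut to four characters on purpose so that the
    parsed record can be written into a ticket without copying a live credential.
    """
    m = TELEGRAM_BOT_API.match(url)
    if not m:
        return None
    chat_id = parse_qs(urlsplit(url).query).get("chat_id", [None])[0]
    return {
        "bot_id": m.group("bot_id"),
        "token_hint": f"{m.group('bot_id')}:{m.group('secret')[:4]}...",
        "method": m.group("method"),
        "chat_id": chat_id,
    }


def hunt_proxy_log(lines):
    """Return [(client_ip, parsed)] for every line whose URL is a Bot API exfil call.

    Assumed (constructed) log format: "<timestamp> <client ip> <HTTP method> <url> <status>".
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        parsed = parse_telegram_exfil(parts[3])
        if parsed and parsed["method"] in EXFIL_METHODS:
            hits.append((parts[1], parsed))
    return hits


# Constructed sample proxy log. The bot token, chat_id, client addresses and the
# external-IP lookup service are placeholders, not values taken from the report.
SAMPLE_LOG = [
    "2024-07-11T07:40:01Z 10.0.0.25 GET https://api.ipify.org/ 200",
    "2024-07-11T07:40:03Z 10.0.0.25 POST https://api.telegram.org/bot1234567890:AAExampleSecretPartOfTheTokenXYZ/sendMessage?chat_id=111222333 200",
    "2024-07-11T07:41:10Z 10.0.0.31 GET https://api.telegram.org/bot1234567890:AAExampleSecretPartOfTheTokenXYZ/getMe 200",
    "2024-07-11T07:42:55Z 10.0.0.40 GET https://example.com/ 200",
]

if __name__ == "__main__":
    for client, hit in hunt_proxy_log(SAMPLE_LOG):
        print(f"{client} -> bot {hit['bot_id']} ({hit['token_hint']}) "
              f"{hit['method']} chat_id={hit['chat_id']}")
```

Matching on the full token rather than just the host is what makes this a useful pivot: every host that posts to the same bot id is talking to the same operator, whereas traffic to api.telegram.org alone is noisy on any network with the Telegram desktop client installed. Keep the chat_id too; operators often reuse one chat across several bots.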
Targets
Target: PO#012637210.exe
Size: 1.1MB
MD5: 806efd8a3ed46eba0a05490ca09df108
SHA1: 141740d709913e9193d574f66497a8540228c24d
SHA256: a59ce547293a1d816d08f16e0261cbadaec4da508e3cfb6e7c87e201d5ce31f5
SHA512: 87ee0fe5563327fa3314146a07b81266a32b12de4ab4390eee11059047ba0faa07f4c7e544956b300efa4b606f617cd7457ab2fb88f50ae1eed2a19a35ffcb84
SSDEEP: 24576:YAHnh+eWsN3skA4RV1Hom2KXMmHahZsTLVCv5:fh+ZkldoPK8YahCXVm
Score: 10/10
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext