General
-
Target
74d6ad148e3cbc20e9ffdc0a98afb58d4ce813a30966b08d82cbc195535de1fe.exe
-
Size
788KB
-
Sample
240712-wckdxstekm
-
MD5
c1c8248dbee8c637d345edcbfd7eaac0
-
SHA1
7d72dbe4f76da77b479301cb0488447771e7a1b6
-
SHA256
74d6ad148e3cbc20e9ffdc0a98afb58d4ce813a30966b08d82cbc195535de1fe
-
SHA512
bb734d6c97eb0564857d389f8d5b94b2712fe37ca0e7667a7835583828efc8853f9aa0ac57cac77f42db7d294fe3f733622c66b124ba6b09aba167ca182a1988
-
SSDEEP
12288:daoOaTGw49hCTdN/uWBxouYft8pjs0pwvxM/r9RKGqHmIdD+e:copTx8CTtouCt2Y0eMz9RKHHF9R
Static task
static1
Behavioral task
behavioral1
Sample
74d6ad148e3cbc20e9ffdc0a98afb58d4ce813a30966b08d82cbc195535de1fe.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
74d6ad148e3cbc20e9ffdc0a98afb58d4ce813a30966b08d82cbc195535de1fe.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240709-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7377884885:AAGDE6_d9hXHQkXeQnXVnXZia5CIJu4gajM/sendMessage?chat_id=7161549085
Targets
-
-
Target
74d6ad148e3cbc20e9ffdc0a98afb58d4ce813a30966b08d82cbc195535de1fe.exe
-
Size
788KB
-
MD5
c1c8248dbee8c637d345edcbfd7eaac0
-
SHA1
7d72dbe4f76da77b479301cb0488447771e7a1b6
-
SHA256
74d6ad148e3cbc20e9ffdc0a98afb58d4ce813a30966b08d82cbc195535de1fe
-
SHA512
bb734d6c97eb0564857d389f8d5b94b2712fe37ca0e7667a7835583828efc8853f9aa0ac57cac77f42db7d294fe3f733622c66b124ba6b09aba167ca182a1988
-
SSDEEP
12288:daoOaTGw49hCTdN/uWBxouYft8pjs0pwvxM/r9RKGqHmIdD+e:copTx8CTtouCt2Y0eMz9RKHHF9R
Score10/10-
Snake Keylogger payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
4d3b19a81bd51f8ce44b93643a4e3a99
-
SHA1
35f8b00e85577b014080df98bd2c378351d9b3e9
-
SHA256
fda0018ab182ac6025d2fc9a2efcce3745d1da21ce5141859f8286cf319a52ce
-
SHA512
b2ba9c961c0e1617f802990587a9000979ab5cc493ae2f8ca852eb43eeaf24916b0b29057dbff7d41a1797dfb2dce3db41990e8639b8f205771dbec3fd80f622
-
SSDEEP
192:BPtkumJX7zB22kGwfy0mtVgkCPOse1un:u702k5qpdseQn
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
3eb4cd50dcb9f5981f5408578cb7fb70
-
SHA1
13b38cc104ba6ee22dc4dfa6e480e36587f4bc71
-
SHA256
1c2f19e57dc72587aa00800a498c5f581b7d6761dc13b24bcf287ea7bd5ca2bf
-
SHA512
5a0c9d28df7a77e157046dce876282c48f434a441ee34e12b88f55be31be536eff676f580adbe4586da3f1519f94b5793ccbb3068b4b009eee286c0c5135d324
-
SSDEEP
96:+7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNv3e:QXhHR0aTQN4gRHdMqJVgNG
Score3/10 -