General
-
Target
71eba39e12395d9976498f3e4a3149a91ef60781a028165c1e4411b5d9101f38.exe
-
Size
967KB
-
Sample
240920-btevjs1gne
-
MD5
92e968ac53d2d4e180df2f21673a0839
-
SHA1
4be19b7994ca2858a98350943ff68e90432007d7
-
SHA256
71eba39e12395d9976498f3e4a3149a91ef60781a028165c1e4411b5d9101f38
-
SHA512
41b0443d5bfc450df9c0b882b75a9c9114511986637c5596674ab59a85dfe0981cba51012bd2ce9dae63ea58f4b08b5e8bd8a19ae88f2677223b472f221bcb84
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC8keeMuBBr47eeJ7hJh:7JZoQrbTFZY1iaCfphLr47bpjh
Static task
static1
Behavioral task
behavioral1
Sample
71eba39e12395d9976498f3e4a3149a91ef60781a028165c1e4411b5d9101f38.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
71eba39e12395d9976498f3e4a3149a91ef60781a028165c1e4411b5d9101f38.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
snakekeylogger
Protocol: smtp- Host:
mail.invesxteu.info - Port:
587 - Username:
[email protected] - Password:
rwe87$%21q
https://api.telegram.org/bot7459546078:AAGmu84_Q9kndb_8-LhtglvhA0W4Utfq03Y/sendMessage?chat_id=7530923766
Targets
-
-
Target
71eba39e12395d9976498f3e4a3149a91ef60781a028165c1e4411b5d9101f38.exe
-
Size
967KB
-
MD5
92e968ac53d2d4e180df2f21673a0839
-
SHA1
4be19b7994ca2858a98350943ff68e90432007d7
-
SHA256
71eba39e12395d9976498f3e4a3149a91ef60781a028165c1e4411b5d9101f38
-
SHA512
41b0443d5bfc450df9c0b882b75a9c9114511986637c5596674ab59a85dfe0981cba51012bd2ce9dae63ea58f4b08b5e8bd8a19ae88f2677223b472f221bcb84
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaC8keeMuBBr47eeJ7hJh:7JZoQrbTFZY1iaCfphLr47bpjh
-
Snake Keylogger payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-