General
-
Target
All#att098764576.7z
-
Size
587KB
-
Sample
241002-p1r1ca1ard
-
MD5
680cae396ec3cdc9095840dc2d83b30d
-
SHA1
669a6973e4740202d603755ebad112922b83950e
-
SHA256
013c1285a4d499b68e7eb8c4190527b4bb8dba74d438f827e7754db127ea6fb5
-
SHA512
4974e4b427605aa163dd092cb61554669f7220f716add1824e248c8e34163035fdabe1549f9e8d83f92c140d01836e9da88dee8b9eeeea65d8a37aea4bbd9a3f
-
SSDEEP
12288:k+8YO+GDp+auXi7bNCDWhCjAvcxzN+yjs2Z2LmqzrFV:T5O1Me7bEDWsjbtg7qqzxV
Static task
static1
Behavioral task
behavioral1
Sample
All#att098764576.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
All#att098764576.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7680649284:AAG1mT6S_D1I5s0plOtxHel1WSk4LngQbVQ/sendMessage?chat_id=6980187819
Targets
-
Target
All#att098764576.exe
-
Size
963KB
-
MD5
5341cd0c95c935a73c2d3a3fb31db093
-
SHA1
d2601f228938666674d5e6242d2b96c14ea98e51
-
SHA256
6fabfce57e7c8674b37429eb9afec068608eec31f20c2b085a4b63c7f77873a1
-
SHA512
37a627d82b0a7cb904ad2db75f4ce3ca3e71cfced8a8902569d32c963e042c34945df27cf27052e87cb452719c58220c71830398c12e7b72184d76adcc677f8d
-
SSDEEP
24576:uRmJkcoQricOIQxiZY1iaChCsijnnapIz7E:7JZoQrbTFZY1iaCQJapI8
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext