General
-
Target
ef52c9a19d3b35f63eb2b85cc82cff61c9ff6c828d99c9adbe120fa568e111ea.exe
-
Size
942KB
-
Sample
241008-c1mz6sydqg
-
MD5
eea62ff363757124e1dc52e2d73a4595
-
SHA1
92716a1f8b0b7f2cbe6a09057e45c510587affd0
-
SHA256
ef52c9a19d3b35f63eb2b85cc82cff61c9ff6c828d99c9adbe120fa568e111ea
-
SHA512
1f3164818109c48aba0e122293234a6f8c232770195f18172a855222cfb31f684cb1740492081bf3ac8eb0e86328a02f441d7ecaf156ba874250a8ba500422e7
-
SSDEEP
12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLRQdDQYZ6DO42c/yRUpsFJF:ffmMv6Ckr7Mny5QLRQdDlZ664l/ySpsp
Static task
static1
Behavioral task
behavioral1
Sample
ef52c9a19d3b35f63eb2b85cc82cff61c9ff6c828d99c9adbe120fa568e111ea.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ef52c9a19d3b35f63eb2b85cc82cff61c9ff6c828d99c9adbe120fa568e111ea.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7887381131:AAH4jHJ7Kc0dolQ_x2jW8rTr7XHsdKKLTaM/sendMessage?chat_id=6557702940
Targets
-
-
Target
ef52c9a19d3b35f63eb2b85cc82cff61c9ff6c828d99c9adbe120fa568e111ea.exe
-
Size
942KB
-
MD5
eea62ff363757124e1dc52e2d73a4595
-
SHA1
92716a1f8b0b7f2cbe6a09057e45c510587affd0
-
SHA256
ef52c9a19d3b35f63eb2b85cc82cff61c9ff6c828d99c9adbe120fa568e111ea
-
SHA512
1f3164818109c48aba0e122293234a6f8c232770195f18172a855222cfb31f684cb1740492081bf3ac8eb0e86328a02f441d7ecaf156ba874250a8ba500422e7
-
SSDEEP
12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QLRQdDQYZ6DO42c/yRUpsFJF:ffmMv6Ckr7Mny5QLRQdDlZ664l/ySpsp
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-