General
Target: na.hta
Size: 129KB
Sample: 241016-stl3as1ajn
MD5: 03140c0995d8db21fe4fb2f030322615
SHA1: 0199286b876a0d3e896b1830ff024555374e51f3
SHA256: 95e002035116146de7fdf04b59845552552c7527b8bb3893abaf3a51d5061305
SHA512: 9f2682368cd24bf210edf0ec6d286d016a89b5fba4649fdd76d18bdc7f1cbc4dfb079079d074756dbfcf6377c1e34d6b59664df6ca7a8e6770af2fce704e09f9
SSDEEP: 96:Eam780jLy6w80jLyrdUwSdffYJMK0jLyqx0jLyt0Aj5OtG80jLy987T:Ea280f7w80fCUpdWMK0fd0fX5A80fGCT
Static task: static1
Behavioral task: behavioral1 (Sample: na.hta, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: na.hta, Resource: win10v2004-20241007-en)
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7913958792:AAFOhfKo5L7M50XG6odxxQQwJAeD3zGEuJU/sendMessage?chat_id=7004340450
Targets
Snake Keylogger payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Evasion via Device Credential Deployment
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-