General
Target: PAYMENT ADVISE MT107647545.exe
Size: 918KB
Sample: 241023-hpr3mswhjd
MD5: bc8587d56c7d715cf7bc5fe3bba73724
SHA1: 0bd96680105b07d2a6a0e92c0a163444aa8de18a
SHA256: 2def60ac1c2f5a4836dca6365a62a61092512511b917ca5add900583a7ee184f
SHA512: 944af22228ca5a71144ec5adca7973e15ad523b776337d56f5ef44ef4538a2a522b161f1c792f78d7c731c01e7a8642c58e455493b4e645db8285e891673a269
SSDEEP: 12288:rLkcoxg7v3qnC11ErwIhh0F4qwUgUny5QL3tXayxNh69vjMAxK14r2TOtl:ffmMv6Ckr7Mny5QLsyxN49rY/E
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT ADVISE MT107647545.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: PAYMENT ADVISE MT107647545.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot8129252196:AAFb_vUYwennKVolbwpXf3vnDfT_yhozHns/sendMessage?chat_id=7004340450
Targets
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext