General
Target: PAYMENT ADVISE MT107647545.exe
Size: 930KB
Sample: 241024-h8ftqa1aml
MD5: dab02bda6040baa9dd55a267c40ef2ed
SHA1: a114305562ece266d18b72f247651791f509f95e
SHA256: a3d4af8e960db3a71927f672f29ece4963dd200965f9d3ddd3a2db8d4150f53c
SHA512: b7325b4ad753c6fbec4c2ea6397edb9e686ec9896414f988abceb6a567a8f941381a225e4c39ca7acf9fe4dc2a5143392e8f01b2de0d740d6aefef70caf15ffa
SSDEEP: 24576:ffmMv6Ckr7Mny5QLmA61Ksm6EX7q8o2sE8mMLH:f3v+7/5QLmv1JKWbX7
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT ADVISE MT107647545.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: PAYMENT ADVISE MT107647545.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot8129252196:AAFb_vUYwennKVolbwpXf3vnDfT_yhozHns/sendMessage?chat_id=7004340450
Targets
Target: PAYMENT ADVISE MT107647545.exe
Signatures:
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext