General

Target: INVOICE.exe
Size: 1.1MB
Sample: 241028-qdvy6azgjp
MD5: 5ae1b38a4a27613e4a6b8d176a0c329b
SHA1: 0b0dd1b4d8da9e7f3ee3e1edc892fe2848326e7f
SHA256: 206c2be165a381f961ecf12f28ba8505fcbfd8e9d11d910d7c0f64dd587d25a4
SHA512: b39550a95f118a4db6a5ea82ae15734e4d7535942022bba02bbcb5d57007e8150a423f39c3c6e686713db81da45576d94814ed877ab7ef4a98ef389183c30447
SSDEEP: 24576:ffmMv6Ckr7Mny5QLlzalVfl6X3onmJ+yiuww6:f3v+7/5QLlz2V23Wnqwz
Static task: static1
Behavioral task: behavioral1 (sample INVOICE.exe, resource win7-20240903-en)
Behavioral task: behavioral2 (sample INVOICE.exe, resource win10v2004-20241007-en)
Malware Config

Extracted family: snakekeylogger
Telegram Bot API endpoint (sendMessage): https://api.telegram.org/bot7725731697:AAGDaS6uwtjyooOqJDAR7sd2PrRE4x2kmLI/sendMessage?chat_id=7711653069

The path segment after "bot" is the Telegram bot token, i.e. the operator's credential for this bot, and chat_id is the account that receives the messages. Both are stable indicators for this build: the token can be matched in proxy or DNS/TLS-inspection logs and reported to Telegram, whereas blocking api.telegram.org outright is rarely practical.
Targets

Target: INVOICE.exe
Size: 1.1MB
MD5: 5ae1b38a4a27613e4a6b8d176a0c329b
SHA1: 0b0dd1b4d8da9e7f3ee3e1edc892fe2848326e7f
SHA256: 206c2be165a381f961ecf12f28ba8505fcbfd8e9d11d910d7c0f64dd587d25a4
SHA512: b39550a95f118a4db6a5ea82ae15734e4d7535942022bba02bbcb5d57007e8150a423f39c3c6e686713db81da45576d94814ed877ab7ef4a98ef389183c30447
SSDEEP: 24576:ffmMv6Ckr7Mny5QLlzalVfl6X3onmJ+yiuww6:f3v+7/5QLlz2V23Wnqwz

Signatures:
- Snake Keylogger payload
- Snakekeylogger family
- Accesses Microsoft Outlook profiles (the profile keys under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles hold saved mail account settings and credentials, a common target for stealer modules)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. On its own this is benign; the signal is an IP lookup from a process that then contacts the Telegram Bot API shortly afterwards.
- Suspicious use of SetThreadContext (setting the context of a thread in another process is the execution-redirect step of process hollowing and thread hijacking; in the behavioral trace, correlate it with a suspended child process, WriteProcessMemory and ResumeThread)
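The extracted Telegram endpoint and the "IP lookup, then exfiltration" sequence in the signature list can be turned into hunting logic. The following is an added example, not part of the sandbox report: it parses the report's Telegram Bot API URL into indicator fields (bot id, token, method, chat_id) and then scans a constructed proxy log for (a) the exact token from this sample, (b) any Telegram Bot API call from an endpoint that queried an IP-lookup service within the preceding ten minutes, and (c) any other Telegram Bot API call from an endpoint. The log format, host names, the list of IP-lookup services and the two extra tokens are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Telegram Bot API endpoint from the report's extracted config (real indicator).
EXFIL_URL = ("https://api.telegram.org/bot7725731697:AAGDaS6uwtjyooOqJDAR7sd2PrRE4x2kmLI"
             "/sendMessage?chat_id=7711653069")

# Bot API paths look like /bot<numeric id>:<secret>/<method>.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$")

# Assumed list of common external-IP lookup services (the report does not name the one used).
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ifconfig.me", "icanhazip.com"}

# Window between an IP lookup and a Telegram call that we treat as correlated (assumption).
CORRELATION_WINDOW = timedelta(minutes=10)


def parse_telegram_exfil(url):
    """Return indicator fields for a Telegram Bot API URL, or None if the URL is not one."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",   # the operator's bot credential
        "method": m["method"],
        "chat_id": chat_id,                         # recipient of the stolen data
    }


# Constructed proxy log: "<ISO timestamp> <endpoint> <method> <url> <status>".
# ws-017 replays the sample's behaviour; ws-009 uses a made-up token; ws-003 is a lone bot call.
SAMPLE_PROXY_LOG = """\
2024-10-28T14:02:11Z ws-017 GET http://checkip.dyndns.org/ 200
2024-10-28T14:02:14Z ws-017 POST https://api.telegram.org/bot7725731697:AAGDaS6uwtjyooOqJDAR7sd2PrRE4x2kmLI/sendMessage?chat_id=7711653069 200
2024-10-28T14:05:40Z ws-003 GET https://api.telegram.org/bot0000000001:AAFakeTokenFakeTokenFakeTokenFakeToke/getUpdates 200
2024-10-28T14:06:02Z ws-021 GET https://www.example.com/ 200
2024-10-28T14:10:00Z ws-009 GET https://api.ipify.org/ 200
2024-10-28T14:10:05Z ws-009 POST https://api.telegram.org/bot0000000002:AAFakeTokenFakeTokenFakeTokenFakeToke/sendDocument?chat_id=42 200
"""


def _parse_ts(ts):
    # datetime.fromisoformat only accepts a trailing "Z" from Python 3.11 on.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def scan_proxy_log(log_text, ioc):
    """Return (endpoint, reason) findings for Telegram Bot API use seen in the log."""
    findings = []
    last_ip_lookup = {}  # endpoint -> time of its most recent IP-lookup request
    for line in log_text.splitlines():
        ts, endpoint, _method, url, _status = line.split()
        when = _parse_ts(ts)
        if urlsplit(url).hostname in IP_LOOKUP_HOSTS:
            last_ip_lookup[endpoint] = when
            continue
        tg = parse_telegram_exfil(url)
        if tg is None:
            continue
        if tg["token"] == ioc["token"]:
            findings.append((endpoint, "known_snakekeylogger_token"))
        elif endpoint in last_ip_lookup and when - last_ip_lookup[endpoint] <= CORRELATION_WINDOW:
            findings.append((endpoint, "ip_lookup_then_telegram_bot_api"))
        else:
            findings.append((endpoint, "telegram_bot_api_from_endpoint"))
    return findings


if __name__ == "__main__":
    ioc = parse_telegram_exfil(EXFIL_URL)
    print("indicator:", ioc)
    for endpoint, reason in scan_proxy_log(SAMPLE_PROXY_LOG, ioc):
        print(f"{endpoint}: {reason}")
```

The exact-token match is the high-confidence rule; the correlation rule catches other builds of the same family (different token, same habit of looking up the external IP right before sending), and the third rule is a low-priority hunting lead, since legitimate bots exist on workstations.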