General
-
Target
z74fBF2ObiS1g87mbS.exe
-
Size
737KB
-
Sample
241028-t33bba1pbl
-
MD5
83e4eb81deaa9d3e5c59812c8dd97a89
-
SHA1
af49bc12cc6d2ca6265723e1781d34537b7d51cc
-
SHA256
a27e29b26b25a83e2d17a66ba98e51c93915364d03998cdad25965c3fc2104a4
-
SHA512
2b2f5a29196583ced07460d2fdb6a503217628fac2ea25210db5765472d77dee2242a28ffce59a3a7b52c319b153bfae2e44b1be62e0bd5647b568ba178262c9
-
SSDEEP
12288:GQWoX0U1YjyndWMqZgdi/xcsyo5sXMugmjhJcdhgysOYj24nXLFFYB:CokUrG3/qsy8sb+Pgy224XZFw
Static task
static1
Behavioral task
behavioral1
Sample
z74fBF2ObiS1g87mbS.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
z74fBF2ObiS1g87mbS.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7733074716:AAHPqUDZNcrQPzH_G03x5ppIOnkxZuz-Nyk/sendMessage?chat_id=7337843299
Targets
-
-
Target
z74fBF2ObiS1g87mbS.exe
-
Size
737KB
-
MD5
83e4eb81deaa9d3e5c59812c8dd97a89
-
SHA1
af49bc12cc6d2ca6265723e1781d34537b7d51cc
-
SHA256
a27e29b26b25a83e2d17a66ba98e51c93915364d03998cdad25965c3fc2104a4
-
SHA512
2b2f5a29196583ced07460d2fdb6a503217628fac2ea25210db5765472d77dee2242a28ffce59a3a7b52c319b153bfae2e44b1be62e0bd5647b568ba178262c9
-
SSDEEP
12288:GQWoX0U1YjyndWMqZgdi/xcsyo5sXMugmjhJcdhgysOYj24nXLFFYB:CokUrG3/qsy8sb+Pgy224XZFw
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-