General
-
Target
7e9b362a71c816988c0664c4f5e8c27f5e8ebdea5f7ecbf027f90043a3a14f46
-
Size
842KB
-
Sample
241028-vmjdyasjfp
-
MD5
493282d66f2a4e2c569a6018a3228a86
-
SHA1
e968c7a8c74258f819ae2d4a44a265918239146d
-
SHA256
7e9b362a71c816988c0664c4f5e8c27f5e8ebdea5f7ecbf027f90043a3a14f46
-
SHA512
7758ee72cc4c12363c44215bde1b715ddfb445bc2b5fe9140c0d029545ab99526f7900d387cfe53f49c96d51ecd179705f34d42fdaa640849e3a35b6a18dc19c
-
SSDEEP
24576:g+YAjq5pdLjud/UfYqN39juwHkDmKOIsZkBrv:5tjq5zLjIrqNtupSKOI0kBrv
Static task
static1
Behavioral task
behavioral1
Sample
Contract.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Contract.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7498931539:AAE8KHb70FueL6YmOOF6rhS3Z3o-F1rx6_A/sendMessage?chat_id=1178171552
Targets
-
-
Target
Contract.exe
-
Size
1.1MB
-
MD5
99ca910b16db27ba66db9cbec2415cea
-
SHA1
cad321a828e9a42d6487be7bff031470cb06080b
-
SHA256
98ad6abcac89f5fe797e52b948b022c86b77960d89d0d0c08a74342e4ab2d0f5
-
SHA512
b0f2517ec1fa23552c0adfafc6fabbb22c491cb8071fb4a1028c94e36e6c54b25ea00dd2d3e34f306f105c7df9d15f8f58ab7f8f5d7ed9b913ebff4a87a6065b
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLrqN39nuk3kDWKOQsZkDpI:f3v+7/5QLrqNtuJaKOQ0kDpI
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-