General
-
Target
INVOICE.exe
-
Size
1.1MB
-
Sample
241030-kr54dszdrb
-
MD5
ed5414a7d78e7dcdcf0112e110e245f9
-
SHA1
f2531cc02361d98c2972f043e5ee84b76e704ac3
-
SHA256
1b5f80400b3a1c576088617608134dc43954a3cb7a4e7c5e80cb2beeeae3cbfc
-
SHA512
6a862d792916f141bf0c8132846a3ccb7252371ebcd4fd863efd2010839d8d2f1fdb209035dc64f7d425dfe8387bcc4ccd91e92034de1a8f3d6ceead2a973fd6
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLODvZpV1GXmGijvcQHVbo2a:f3v+7/5QLOD/u2Giru2a
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
INVOICE.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7725731697:AAGDaS6uwtjyooOqJDAR7sd2PrRE4x2kmLI/sendMessage?chat_id=7711653069
Targets
-
-
Target
INVOICE.exe
-
Size
1.1MB
-
MD5
ed5414a7d78e7dcdcf0112e110e245f9
-
SHA1
f2531cc02361d98c2972f043e5ee84b76e704ac3
-
SHA256
1b5f80400b3a1c576088617608134dc43954a3cb7a4e7c5e80cb2beeeae3cbfc
-
SHA512
6a862d792916f141bf0c8132846a3ccb7252371ebcd4fd863efd2010839d8d2f1fdb209035dc64f7d425dfe8387bcc4ccd91e92034de1a8f3d6ceead2a973fd6
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLODvZpV1GXmGijvcQHVbo2a:f3v+7/5QLOD/u2Giru2a
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-