General
-
Target
Alvise Maria CV 1.exe
-
Size
1.4MB
-
Sample
241101-m7d1yszerb
-
MD5
3dc3bbec8d0de761f7992a0464409ba8
-
SHA1
073728a153af98b84ab24726b373bd994d9688e6
-
SHA256
9aa6870924984dad7897c2efa17305143d0e95aba5b8ecb387577361c7657d0c
-
SHA512
8bbb9e321241326d7a4da14069a165455b805dc2f161aa83557ff2619bf6b12c10c9d80916eb60046a15306353167bfd9a3818d31e7931c30b6d345a3332059f
-
SSDEEP
24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8arPWg0EGRxH9DD3/MfOJ4L/:pTvC/MTQYxsWR7arfqlg44L
Static task
static1
Behavioral task
behavioral1
Sample
Alvise Maria CV 1.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Alvise Maria CV 1.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7814594885:AAHa3uCXluFI0wdWKPRtBnbO9yWlWuXuj84/sendMessage?chat_id=1178171552
Targets
-
-
Target
Alvise Maria CV 1.exe
-
Size
1.4MB
-
MD5
3dc3bbec8d0de761f7992a0464409ba8
-
SHA1
073728a153af98b84ab24726b373bd994d9688e6
-
SHA256
9aa6870924984dad7897c2efa17305143d0e95aba5b8ecb387577361c7657d0c
-
SHA512
8bbb9e321241326d7a4da14069a165455b805dc2f161aa83557ff2619bf6b12c10c9d80916eb60046a15306353167bfd9a3818d31e7931c30b6d345a3332059f
-
SSDEEP
24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8arPWg0EGRxH9DD3/MfOJ4L/:pTvC/MTQYxsWR7arfqlg44L
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-