General
-
Target
fbb0e05fe6164f133bd793878e4ff5ac732d8352881ac1b0ca8886b1852fe935.rar
-
Size
935KB
-
Sample
241102-lrh5astjen
-
MD5
327a3970e070b6d1a22253fb5ec0f12d
-
SHA1
151a32b0940cdcb4e0ed391315cdedf95173a274
-
SHA256
fbb0e05fe6164f133bd793878e4ff5ac732d8352881ac1b0ca8886b1852fe935
-
SHA512
e8941324dc74771aa38175a6a85b1d58e22f67c760cc4c5b3480715fee857ad6615367aa47db5521f4b39a39c29f29bbe981b35819363dc52aa93adf9ed6b707
-
SSDEEP
24576:M8R8QsCtiwNufsq3QaKDM/XW10zdYqP3+U7Yef:MxzAy+yOU5f
Static task
static1
Behavioral task
behavioral1
Sample
Alvise Maria CV 1.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
Alvise Maria CV 1.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7814594885:AAHa3uCXluFI0wdWKPRtBnbO9yWlWuXuj84/sendMessage?chat_id=1178171552
Targets
-
-
Target
Alvise Maria CV 1.exe
-
Size
1.4MB
-
MD5
3dc3bbec8d0de761f7992a0464409ba8
-
SHA1
073728a153af98b84ab24726b373bd994d9688e6
-
SHA256
9aa6870924984dad7897c2efa17305143d0e95aba5b8ecb387577361c7657d0c
-
SHA512
8bbb9e321241326d7a4da14069a165455b805dc2f161aa83557ff2619bf6b12c10c9d80916eb60046a15306353167bfd9a3818d31e7931c30b6d345a3332059f
-
SSDEEP
24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8arPWg0EGRxH9DD3/MfOJ4L/:pTvC/MTQYxsWR7arfqlg44L
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-