General
-
Target
06112024_0104_05112024_e-dekont.r00
-
Size
682KB
-
Sample
241106-be3m3a1paz
-
MD5
31bf0b4c8b354ae3481317171aca9f84
-
SHA1
187c51cc0a6887f71f8f8f1a2f64271bd9aa4ece
-
SHA256
6b416651cf03386aefaad36bd5f95f6f4af6d0f0ee73c4d82556e7296b3e3afe
-
SHA512
f9d38dddd33dba6712aa873ce00db2d9be54b8b3b5e7b7a981af48765ba0cf9c13dafa7224a7934a7a15719fda7438e5cca8b045d270c5fd80eae5ff98463bd1
-
SSDEEP
12288:Jj6HaRlyKtXOjElpGpoHyB6LZeyPSPJdyBDx0OdShBTvz3qa44KJdu0ynUiPggA8:JjuIoKfpGpo4OZeyPamVxHdSB7z3tbw0
Static task
static1
Behavioral task
behavioral1
Sample
e-dekont.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e-dekont.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7541499630:AAESy1nWQ4poIra9UxdBRC70wQqWdJNny3U/sendMessage?chat_id=6557702940
Targets
-
-
Target
e-dekont.exe
-
Size
1.2MB
-
MD5
d5ad166042ccce4f7f477fe59384623d
-
SHA1
f452772ff09b1c58159d7afd22d1336d5631e66d
-
SHA256
0b3cef4a20973e5733941436cd54ef4a157e4014d9b5765c8e4c7c348634b196
-
SHA512
2b0bd2d902669ef637aff43e5d212441e2eee92d302817f402425b6e5e949dc6804e474df5d69e076fd91bb29d15ee38456728900f0d9abca81f2ad8d7a61915
-
SSDEEP
24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8a3bDTaO6GX8JuFaVe0yiQr:ITvC/MTQYxsWR7a3b68rFaVecQ
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-