General
-
Target
0b3cef4a20973e5733941436cd54ef4a157e4014d9b5765c8e4c7c348634b196.exe
-
Size
1.2MB
-
Sample
241106-chrweaskbs
-
MD5
d5ad166042ccce4f7f477fe59384623d
-
SHA1
f452772ff09b1c58159d7afd22d1336d5631e66d
-
SHA256
0b3cef4a20973e5733941436cd54ef4a157e4014d9b5765c8e4c7c348634b196
-
SHA512
2b0bd2d902669ef637aff43e5d212441e2eee92d302817f402425b6e5e949dc6804e474df5d69e076fd91bb29d15ee38456728900f0d9abca81f2ad8d7a61915
-
SSDEEP
24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8a3bDTaO6GX8JuFaVe0yiQr:ITvC/MTQYxsWR7a3b68rFaVecQ
Static task
static1
Behavioral task
behavioral1
Sample
0b3cef4a20973e5733941436cd54ef4a157e4014d9b5765c8e4c7c348634b196.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0b3cef4a20973e5733941436cd54ef4a157e4014d9b5765c8e4c7c348634b196.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7541499630:AAESy1nWQ4poIra9UxdBRC70wQqWdJNny3U/sendMessage?chat_id=6557702940
Targets
-
-
Target
0b3cef4a20973e5733941436cd54ef4a157e4014d9b5765c8e4c7c348634b196.exe
-
Size
1.2MB
-
MD5
d5ad166042ccce4f7f477fe59384623d
-
SHA1
f452772ff09b1c58159d7afd22d1336d5631e66d
-
SHA256
0b3cef4a20973e5733941436cd54ef4a157e4014d9b5765c8e4c7c348634b196
-
SHA512
2b0bd2d902669ef637aff43e5d212441e2eee92d302817f402425b6e5e949dc6804e474df5d69e076fd91bb29d15ee38456728900f0d9abca81f2ad8d7a61915
-
SSDEEP
24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8a3bDTaO6GX8JuFaVe0yiQr:ITvC/MTQYxsWR7a3b68rFaVecQ
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-