General
-
Target
96fd6cc64869d71e0cee0acb92a0e6e986140836d2d189ef67d17d994c0a4b35.exe
-
Size
1.1MB
-
Sample
241106-dnkjysvajm
-
MD5
4518fb3fe25fb47b24f94fdeb7c0c3b4
-
SHA1
ed6d787a0cb6e70abe2ffc4e07bdd78b2e8bb105
-
SHA256
96fd6cc64869d71e0cee0acb92a0e6e986140836d2d189ef67d17d994c0a4b35
-
SHA512
544e08f1867d20720035eae3100247a29752e356aa579a067cef28395a7bacc8dd768d545f79948e815c0a404a668f0232ef8d1f719b1063d762d83b993461c1
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLrQ4GyWnqJnkFsBx31yby14q:f3v+7/5QLXGfbFg16q
Static task
static1
Behavioral task
behavioral1
Sample
96fd6cc64869d71e0cee0acb92a0e6e986140836d2d189ef67d17d994c0a4b35.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
96fd6cc64869d71e0cee0acb92a0e6e986140836d2d189ef67d17d994c0a4b35.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7498931539:AAE8KHb70FueL6YmOOF6rhS3Z3o-F1rx6_A/sendMessage?chat_id=1178171552
Targets
-
-
Target
96fd6cc64869d71e0cee0acb92a0e6e986140836d2d189ef67d17d994c0a4b35.exe
-
Size
1.1MB
-
MD5
4518fb3fe25fb47b24f94fdeb7c0c3b4
-
SHA1
ed6d787a0cb6e70abe2ffc4e07bdd78b2e8bb105
-
SHA256
96fd6cc64869d71e0cee0acb92a0e6e986140836d2d189ef67d17d994c0a4b35
-
SHA512
544e08f1867d20720035eae3100247a29752e356aa579a067cef28395a7bacc8dd768d545f79948e815c0a404a668f0232ef8d1f719b1063d762d83b993461c1
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLrQ4GyWnqJnkFsBx31yby14q:f3v+7/5QLXGfbFg16q
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-