General
-
Target
b23119bb95d44f50e52555f51c9931389d3d559b9f74e34041e9fa6bc2b7f481.exe
-
Size
767KB
-
Sample
241107-dk3w5awpbp
-
MD5
21a5378b2c78f66fff23ec764cba65f2
-
SHA1
94e2921a8a2e47611c936235b5ba03feecf00fff
-
SHA256
b23119bb95d44f50e52555f51c9931389d3d559b9f74e34041e9fa6bc2b7f481
-
SHA512
885aaec0dea4fbf8d46da71bb34f776a8f212e99bf7da7082ef312a1936d46d5b59327c5650a50582df474cae7174dfafe3fa606876d218501f02cd3a25e05d0
-
SSDEEP
12288:bMwhYlU9blucsKZ1XjfCTD/qp0xmk9qPARcQFY9fcNLqH66cOsFoTvGU5ZqLm:bMwhY+9blYKPGZx0PARxFWfcFqal/F4X
Static task
static1
Behavioral task
behavioral1
Sample
b23119bb95d44f50e52555f51c9931389d3d559b9f74e34041e9fa6bc2b7f481.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b23119bb95d44f50e52555f51c9931389d3d559b9f74e34041e9fa6bc2b7f481.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Saganashes.ps1
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Saganashes.ps1
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7602241848:AAGOG1RAiVBKad-IMDgRf04J_SQO8x6g-hI/sendMessage?chat_id=5302361040
Targets
-
-
Target
b23119bb95d44f50e52555f51c9931389d3d559b9f74e34041e9fa6bc2b7f481.exe
-
Size
767KB
-
MD5
21a5378b2c78f66fff23ec764cba65f2
-
SHA1
94e2921a8a2e47611c936235b5ba03feecf00fff
-
SHA256
b23119bb95d44f50e52555f51c9931389d3d559b9f74e34041e9fa6bc2b7f481
-
SHA512
885aaec0dea4fbf8d46da71bb34f776a8f212e99bf7da7082ef312a1936d46d5b59327c5650a50582df474cae7174dfafe3fa606876d218501f02cd3a25e05d0
-
SSDEEP
12288:bMwhYlU9blucsKZ1XjfCTD/qp0xmk9qPARcQFY9fcNLqH66cOsFoTvGU5ZqLm:bMwhY+9blYKPGZx0PARxFWfcFqal/F4X
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Blocklisted process makes network request
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Saganashes.Com
-
Size
51KB
-
MD5
86971efe48eae4401b734e86152c12aa
-
SHA1
93376b7df5fa9f5d363e263dd898b86e42e40ec0
-
SHA256
8e626d6dc0bb24ed272eaec732b70f81e306c38eba28df9e96ce78d61a75e455
-
SHA512
a04489dfa81e2fe20f1a8f07c562ed4a05f85b74d5745d6cb712252a46f997a7de6c9f11c3fa902c7c7b03f6ff8596e89e064c251b6a348dfb0d3b7ff6a02455
-
SSDEEP
768:AN4iitGvtxOdn/KpRVkmzfjoAPPSQJorIsqd1d4FdJF9wBYExO4u5lwSnuzC:C6o7kn/KdHdf2rtC1d42BYExOT5lwQ
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-