General
-
Target
FAC0987656789000.com
-
Size
529KB
-
Sample
241117-vec7ysymfk
-
MD5
3abf7470f1bf525962a46c980cff0b23
-
SHA1
eed11e6be7a63a53e5b12a4ccf3d442551d2429a
-
SHA256
c9e937d287a7c9fe7de44c0003b64e3a20e47bbe30008be2a0d9d9a57f57e5d1
-
SHA512
75c6c239ae025bcc6feee598c2514a016d3e3857cf3d6b3afc10cd8326a3afdaf4a5ffafc25a9a0199d68c747cb59ac42e684f07aaa384af41d265e9aaf7cc62
-
SSDEEP
12288:ZOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiv8dj1dlsqAIj8IbqRxBG0yt:Zq5TfcdHj4fmbVfAaqLU
Behavioral task
behavioral1
Sample
FAC0987656789000.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
FAC0987656789000.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot5801425382:AAG5b4PUEaqNDv5uP9ejZGeIHeuzzOD4IHY/sendMessage?chat_id=5812329204
Targets
-
-
Target
FAC0987656789000.com
-
Size
529KB
-
MD5
3abf7470f1bf525962a46c980cff0b23
-
SHA1
eed11e6be7a63a53e5b12a4ccf3d442551d2429a
-
SHA256
c9e937d287a7c9fe7de44c0003b64e3a20e47bbe30008be2a0d9d9a57f57e5d1
-
SHA512
75c6c239ae025bcc6feee598c2514a016d3e3857cf3d6b3afc10cd8326a3afdaf4a5ffafc25a9a0199d68c747cb59ac42e684f07aaa384af41d265e9aaf7cc62
-
SSDEEP
12288:ZOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiv8dj1dlsqAIj8IbqRxBG0yt:Zq5TfcdHj4fmbVfAaqLU
-
Snake Keylogger payload
-
Snakekeylogger family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-