General
-
Target
VSP469620.exe
-
Size
983KB
-
Sample
241125-knvs9aykcz
-
MD5
b8204c2309bbbaf3473266f2dcf3851e
-
SHA1
65d51529e0698579378a26d537b6d0d4b6602e5a
-
SHA256
a1d5e7e9410ec987b5399ae5f8f970b5e051efc97307188f02572ecdd7b9f516
-
SHA512
3db8f19c13fec07cf4542446f9d15e62b0c1c4af4efd200bfe8f99662f145aef04ea75599c7c4a5802b4ef993990d7cc663b9ba7b6e8957a9ab7c4961fe9cfe6
-
SSDEEP
24576:9tb20pkaCqT5TBWgNQ7anGrAEKqFf76A:uVg5tQ7anGrALID5
Static task
static1
Behavioral task
behavioral1
Sample
VSP469620.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
VSP469620.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7591642187:AAF3F6-zxp3HwWsP9s4_QJW4W-aEGhjsvDI/sendMessage?chat_id=6557702940
Targets
-
-
Target
VSP469620.exe
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-