General
Target: AWBNO-09804480383.exe
Size: 1.1MB
Sample: 241125-ph79lsspep
MD5: 9d452572ff75d16ee715c60c178e7c58
SHA1: 80749d335e02f8f538c3bf1b747c956f6bcc5a64
SHA256: 2295da0e659659289eade018cffada62e1c6dc679f26f45d458a287cba9694aa
SHA512: 6cd9d5e9cd537e6f827008d07127d5db7640e7884f0bcb8387489d1b1aa518ec6416f672908fb09dd11fadb4f00dd42b7ee0aca03957fac2514f9ee03f0108cd
SSDEEP: 24576:Ttb20pkaCqT5TBWgNQ7aXMdOiyErT383Wg76A:QVg5tQ7aXsOjKTW5
Static task: static1
Behavioral task: behavioral1
  Sample: AWBNO-09804480383.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: AWBNO-09804480383.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: snakekeylogger
https://api.telegram.org/bot7399492470:AAF1Q52TLq6uEICFiCVrLu9dpROnjh2wukI/sendMessage?chat_id=1443320838
Targets
Target: AWBNO-09804480383.exe
- Snake Keylogger payload
- Snakekeylogger family
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext