General
-
Target
VSP469620.exe
-
Size
996KB
-
Sample
241126-jyxj6aslgx
-
MD5
426faf44dbe98c8a45deb9f64bd25578
-
SHA1
5cd6e8159d2fde3937385f096713e5d6fb5a9021
-
SHA256
470a1d3d3cb732501469847aa36aac5fe9e235507989299d6f6fdc89889dfef8
-
SHA512
555dac08b0a4f9e31d46fc8b0006da7fb4ccba839d78f02ee155261e24c3c1dba3fc7746d1fe17b5ef3f06946c911c5200f2c668cb2c10edd9aafec8b9cacd04
-
SSDEEP
12288:Etb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgat7U7mublf784ZRsO6A:Etb20pkaCqT5TBWgNQ7aBy784ZWO6A
Static task
static1
Behavioral task
behavioral1
Sample
VSP469620.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
VSP469620.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7591642187:AAF3F6-zxp3HwWsP9s4_QJW4W-aEGhjsvDI/sendMessage?chat_id=6557702940
Targets
-
-
Target
VSP469620.exe
-
Size
996KB
-
MD5
426faf44dbe98c8a45deb9f64bd25578
-
SHA1
5cd6e8159d2fde3937385f096713e5d6fb5a9021
-
SHA256
470a1d3d3cb732501469847aa36aac5fe9e235507989299d6f6fdc89889dfef8
-
SHA512
555dac08b0a4f9e31d46fc8b0006da7fb4ccba839d78f02ee155261e24c3c1dba3fc7746d1fe17b5ef3f06946c911c5200f2c668cb2c10edd9aafec8b9cacd04
-
SSDEEP
12288:Etb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgat7U7mublf784ZRsO6A:Etb20pkaCqT5TBWgNQ7aBy784ZWO6A
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-