General
-
Target
9e41871b948b229ab4a4574e2b4cd3c300485663c2ca1b0cb9ab7c72ecff203c.arj
-
Size
500KB
-
Sample
241129-eb6r4ayqen
-
MD5
d35e1d09690c4961868535ae71976ea6
-
SHA1
5cbed981e9e91b10ea9d430911cae89a44563bd1
-
SHA256
9e41871b948b229ab4a4574e2b4cd3c300485663c2ca1b0cb9ab7c72ecff203c
-
SHA512
ee6746caf9f7e76286a657ef490b99db45eb453ead0fdf33f13b0d53ae1f7bab10269ef99da4590dc339a463f15c5502b66309b66e5e1268fea83a505624d07d
-
SSDEEP
12288:Hz/gucrKdBtGO+7javShJv4U0SlusFs4p3aJDqwhjKRcITHU:HzI9reJ+7hw644IJDHjmU
Static task
static1
Behavioral task
behavioral1
Sample
FATURA.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
FATURA.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7525931722:AAHv5VReYz4Tdv44qTVu1nWYViZknndh3TU/sendMessage?chat_id=7361435574
Targets
-
-
Target
FATURA.exe
-
Size
996KB
-
MD5
f643d0ec3aaba77a445b1aa1c739a950
-
SHA1
595437518041ca8664eadfda9cc27ae854b21f9c
-
SHA256
61b26d074e24a041f6e63e815dea5337b13e128d50dd47b5e45c94873806d9d5
-
SHA512
1959f947c2dcff170bc6173683ba84cf7863835d589cafe24c45545f5a0eb6020fc7e37438abfd692a95b29dadb160f86d49cae1254a7c298bf4aa192ce74080
-
SSDEEP
12288:Wtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaaTwgqpH86x6A:Wtb20pkaCqT5TBWgNQ7aqwgqB86x6A
-
Snake Keylogger payload
-
Snakekeylogger family
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-