General
Target: 614dd6711a599e1b8f6a5d75b48148a2.bin
Size: 506KB
Sample: 241130-bp8l3aznhp
MD5: b0b6c2a076071b29420e4440fd132890
SHA1: 984dd48dc056708b4ac3ffb6d74f6a1b91140ea5
SHA256: 0583fc9eb9442323677f79d912b289591e737bb584af5f734d38fd25bad29657
SHA512: 8fbcc2d875d2bda550498fe79d46a5dab69f0af36eff653a6ce9ac82a952991ff5093a4acbbfa8dbd64d5e88c957875a1e7f2e1d34b96745c243a99706912cd5
SSDEEP: 12288:qKkph+2w84TXFf4CfjjFbvmcaxNAt0kZJBMhff5y:qKmNT4TXRfjjFKbNw5fShn5y
Static task: static1
Behavioral task: behavioral1
  Sample: ZM-Z_2024-000343__SKM-0_000.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: ZM-Z_2024-000343__SKM-0_000.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted family: snakekeylogger
Extracted URL: https://api.telegram.org/bot7578088265:AAHvd5E9MBWeIBV2JVvDWdTRg0KYKBSK8MM/sendMessage?chat_id=7365454061
Targets
Target: ZM-Z_2024-000343__SKM-0_000.exe
Size: 983KB
MD5: aa90694a5cc7243dd249a056818a80ea
SHA1: aea0366ac02f19c0ea79053eb51f52f1949ea413
SHA256: 47f122f668c4791cf3795a7c76e7f3682283bae4efd499d200bd80cc164b8948
SHA512: 6c63e8a1eedd35fc22329554e1fabbf4cd6a5e3715a285941387ed9aba363b69c15cd102c441b06d1ea761525b62f188eb686b7778387d3f1e8b8ed5657087a8
SSDEEP: 24576:Wtb20pkaCqT5TBWgNQ7a/ri1qXiYiU96A:DVg5tQ7a/ri1PYiI5
- Snake Keylogger payload
- Snakekeylogger family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext