General
-
Target
04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a.exe
-
Size
785KB
-
Sample
241206-cghlcazpdk
-
MD5
f01fb2c1ebde3213faeec8d171c0eed2
-
SHA1
598d9ab017e0ac1bb65ba05b296c493426918ff8
-
SHA256
04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a
-
SHA512
ea9665b513ddeac55944022570a62b310925fceffae15bccb1249b1f98066a0df47be1a10626404e9248260ad92365ba19ae53e41b4c220e327a7d880403afbc
-
SSDEEP
12288:beYT2ytQFWKDvedwHtLYVm8x2ySv+zlv0O78wCtd9ao4:SXFbvedhmS2Xsum8rao
Static task
static1
Behavioral task
behavioral1
Sample
04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7719054034:AAHonYJDOpWskt5QdgdvYe662dLuhtscDqw/sendMessage?chat_id=6370711846
Targets
-
-
Target
04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a.exe
-
Size
785KB
-
MD5
f01fb2c1ebde3213faeec8d171c0eed2
-
SHA1
598d9ab017e0ac1bb65ba05b296c493426918ff8
-
SHA256
04a71f87d4223328a0dbef5085168ff3710b488b68bca528de391d706e01cd5a
-
SHA512
ea9665b513ddeac55944022570a62b310925fceffae15bccb1249b1f98066a0df47be1a10626404e9248260ad92365ba19ae53e41b4c220e327a7d880403afbc
-
SSDEEP
12288:beYT2ytQFWKDvedwHtLYVm8x2ySv+zlv0O78wCtd9ao4:SXFbvedhmS2Xsum8rao
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-