General
- Target: 872034d11ff4f9fa7af4212ef951e835a6a63cf3fbf59da60d22af84b3d94c99.exe
- Size: 545KB
- Sample: 241210-p3q6ts1kgk
- MD5: 3cc7edfcd93bac94239fa43aafb1af52
- SHA1: 98bd9aa9c997705f70e6a3483b95390835e66157
- SHA256: 872034d11ff4f9fa7af4212ef951e835a6a63cf3fbf59da60d22af84b3d94c99
- SHA512: f01fe46aa7e41b708b247c2e76e1de2a523ddc801b73edbdee88ad9efff0f7b5d1030b165aba59973fbaebb369203adc1290e28794dbcde40f9425784106f92a
- SSDEEP: 12288:NquErHF6xC9D6DmR1J98w4oknqOOCyQfZYQignEMlsFqqYJiWn1B:wrl6kD68JmlotQfZsgnEHPWn1B
Behavioral task: behavioral1
- Sample: 872034d11ff4f9fa7af4212ef951e835a6a63cf3fbf59da60d22af84b3d94c99.exe
- Resource: win7-20240729-en

Behavioral task: behavioral2
- Sample: 872034d11ff4f9fa7af4212ef951e835a6a63cf3fbf59da60d22af84b3d94c99.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
- snakekeylogger
- https://api.telegram.org/bot1628099890:AAEoyPqXzUZV0NK78yRGbDMLJqRw0vcASbg/sendMessage?chat_id=1217600190
Targets
- Target: 872034d11ff4f9fa7af4212ef951e835a6a63cf3fbf59da60d22af84b3d94c99.exe
- Size: 545KB
- MD5: 3cc7edfcd93bac94239fa43aafb1af52
- SHA1: 98bd9aa9c997705f70e6a3483b95390835e66157
- SHA256: 872034d11ff4f9fa7af4212ef951e835a6a63cf3fbf59da60d22af84b3d94c99
- SHA512: f01fe46aa7e41b708b247c2e76e1de2a523ddc801b73edbdee88ad9efff0f7b5d1030b165aba59973fbaebb369203adc1290e28794dbcde40f9425784106f92a
- SSDEEP: 12288:NquErHF6xC9D6DmR1J98w4oknqOOCyQfZYQignEMlsFqqYJiWn1B:wrl6kD68JmlotQfZsgnEHPWn1B
- Snake Keylogger payload
- Snakekeylogger family
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext