General
-
Target
36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4.exe
-
Size
959KB
-
Sample
241224-dtvxwazrg1
-
MD5
7d142eb549dacdfc9c357f482d5bf921
-
SHA1
57ef6110732b2d91f90c785a3fbba4a0112cdc87
-
SHA256
36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4
-
SHA512
77d59910817caeaa0f8b10d46fb9cf849784d98550040fa6c97a65cbc5a13207f8e8c83edc60608ff5ffba61061704ca5ecfe8c7f01961ddd5dfc987994e26b1
-
SSDEEP
12288:yCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga1Tc4lB6e8X:yCdxte/80jYLT3U1jfsWahT76bzZJoQ
Static task
static1
Behavioral task
behavioral1
Sample
36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7535953552:AAEceAC130pKqikyDX9W3q553FopjnWE5ro/sendMessage?chat_id=1981459653
Targets
-
-
Target
36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4.exe
-
Size
959KB
-
MD5
7d142eb549dacdfc9c357f482d5bf921
-
SHA1
57ef6110732b2d91f90c785a3fbba4a0112cdc87
-
SHA256
36b641ba0f1f45fc6bb9c6fb4f74b2a07318b5f4a420d9fbe9b59e1ac2ce3bc4
-
SHA512
77d59910817caeaa0f8b10d46fb9cf849784d98550040fa6c97a65cbc5a13207f8e8c83edc60608ff5ffba61061704ca5ecfe8c7f01961ddd5dfc987994e26b1
-
SSDEEP
12288:yCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga1Tc4lB6e8X:yCdxte/80jYLT3U1jfsWahT76bzZJoQ
Score10/10-
Snake Keylogger payload
-
Snakekeylogger family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-