General
Target: 98c9320cdb52678dceee4b16666147bd1d96f73006311c03f6238fcdf813f93f.bat
Size: 2.9MB
Sample: 240625-b22paatdng
MD5: a65ee5594b619784ddae86580ae0023e
SHA1: 068ab505bb49206349b08527e88fa764475dc4e3
SHA256: 98c9320cdb52678dceee4b16666147bd1d96f73006311c03f6238fcdf813f93f
SHA512: fa454fb624c12a7ceac9ba230134cb63df7321dcf09f5c077d7d94d82e0220fd04222b5f1ade571eb0154c716a284ccf802d76676dd0d6063e3da441dd7c056e
SSDEEP: 24576:qjdD5w0gCVEM/qU6ucJXtV5g+W1LAXuFyoU/Vgjt5Rxb85lepF+STTdA7jxkbLv8:2D71qdXt/3dKy4JrpFftkbWDoUAiVRTo
Static task: static1
Behavioral task: behavioral1
  Sample: 98c9320cdb52678dceee4b16666147bd1d96f73006311c03f6238fcdf813f93f.bat
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 98c9320cdb52678dceee4b16666147bd1d96f73006311c03f6238fcdf813f93f.bat
  Resource: win10v2004-20240508-en
Malware Config
Extracted: snakekeylogger
Protocol: ftp
Host: ftp://files.000webhost.com/
Port: 21
Username: uzo1919
Password: Computer@101
Targets
Target: 98c9320cdb52678dceee4b16666147bd1d96f73006311c03f6238fcdf813f93f.bat
Score: 10/10
Signatures:
- Snake Keylogger payload
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing many email and collaboration clients. Observed in information stealers.
- Detects executables with potential process hooking.
- Executes dropped EXE
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext