General
Target: scan copy.exe
Size: 821KB
Sample: 240701-l5na6sydrq
MD5: 70081b623e77616333b19e7bc186dd66
SHA1: bc730c03095bbb3fb85773d564774b7fa2a4f2c9
SHA256: 90c2430071000bba0378a0e404c636df13958a02fa97b4ed19c1230da402da8f
SHA512: 1e34aa19d8299387e54fe9764ab9c5334a0b91049ed31a7333c3b1fbbeb43dd0b449eb7b538a64ae7c2ebc13dc2ed63e2a8a9667e0b472edff2d7dc50f2251d6
SSDEEP: 12288:cj2+TW+8LeXbSIrEPrWgeBG9BH79/UXQU4PIFQhIe8Gk1zesgqkkdR9CTt9XQo:cWLe+9oG9poQU47leeYkK9CTt9XQ
Static task: static1
Behavioral task: behavioral1
Sample: scan copy.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: scan copy.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot6660014548:AAH8CVYDbJ7NB6q8RItwZQxjcAXTPkK63gc/sendMessage?chat_id=2142414120
Targets
Target: scan copy.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext