Task scores
- Overview: 10/10
- static1 (Static): 3/10
- behavioral1 (29e1467e979c85abfbdd3da6b09e6c16.exe, windows7-x64): 7/10
- behavioral2 (29e1467e979c85abfbdd3da6b09e6c16.exe, windows10-2004-x64): 10/10
- behavioral3 ($PLUGINSDIR/Banner.dll, windows7-x64): 1/10
- behavioral4 ($PLUGINSDIR/Banner.dll, windows10-2004-x64): 1/10
- behavioral5 ($PLUGINSDIR/System.dll, windows7-x64): 3/10
- behavioral6 ($PLUGINSDIR/System.dll, windows10-2004-x64): 3/10
- behavioral7 ($PLUGINSDIR/UserInfo.dll, windows7-x64): 3/10
- behavioral8 ($PLUGINSDIR/UserInfo.dll, windows10-2004-x64): 3/10
- behavioral9 ($PLUGINSDIR/nsDialogs.dll, windows7-x64): 3/10
- behavioral10 ($PLUGINSDIR/nsDialogs.dll, windows10-2004-x64): 3/10
- behavioral11 ($PLUGINSDIR/nsExec.dll, windows7-x64): 3/10
- behavioral12 ($PLUGINSDIR/nsExec.dll, windows10-2004-x64): 3/10

General
- Target: 29e1467e979c85abfbdd3da6b09e6c16.exe
- Size: 467KB
- Sample: 240701-qxsm5syakk
- MD5: 29e1467e979c85abfbdd3da6b09e6c16
- SHA1: 9cfa0ebefbc7ae0a2a87c255cae34c9e3ce239c5
- SHA256: 449bf249c170a1b3275c2a3ed45292244ecb49bf3be24ccef3809330de252d90
- SHA512: 00d7f1882e48222a94107b01734c4225461c28b39e7ff67597061360a1965b278962d3020406f4bcd6d38609d61e687f1b17e4f11735fc98697252bf0b17d79b
- SSDEEP: 6144:Ddnrsfcv+Q3KGZ+tJm5RliVL4KciREqBQPzF+eanHuU0LIyv5Vl0xq:KgkXm5zibmqBQPzEeqOUgHxB
Static task
- static1

Behavioral tasks
- behavioral1: Sample 29e1467e979c85abfbdd3da6b09e6c16.exe, Resource win7-20240508-en
- behavioral2: Sample 29e1467e979c85abfbdd3da6b09e6c16.exe, Resource win10v2004-20240611-en
- behavioral3: Sample $PLUGINSDIR/Banner.dll, Resource win7-20240220-en
- behavioral4: Sample $PLUGINSDIR/Banner.dll, Resource win10v2004-20240508-en
- behavioral5: Sample $PLUGINSDIR/System.dll, Resource win7-20240508-en
- behavioral6: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20240508-en
- behavioral7: Sample $PLUGINSDIR/UserInfo.dll, Resource win7-20240419-en
- behavioral8: Sample $PLUGINSDIR/UserInfo.dll, Resource win10v2004-20240611-en
- behavioral9: Sample $PLUGINSDIR/nsDialogs.dll, Resource win7-20231129-en
- behavioral10: Sample $PLUGINSDIR/nsDialogs.dll, Resource win10v2004-20240611-en
- behavioral11: Sample $PLUGINSDIR/nsExec.dll, Resource win7-20240611-en
- behavioral12: Sample $PLUGINSDIR/nsExec.dll, Resource win10v2004-20240611-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7169426142:AAG_Nuf4vFdD3YALIW-rE-UaNUDVey15SPM/sendMessage?chat_id=1545867115
Targets

Target: 29e1467e979c85abfbdd3da6b09e6c16.exe
- Size: 467KB
- MD5: 29e1467e979c85abfbdd3da6b09e6c16
- SHA1: 9cfa0ebefbc7ae0a2a87c255cae34c9e3ce239c5
- SHA256: 449bf249c170a1b3275c2a3ed45292244ecb49bf3be24ccef3809330de252d90
- SHA512: 00d7f1882e48222a94107b01734c4225461c28b39e7ff67597061360a1965b278962d3020406f4bcd6d38609d61e687f1b17e4f11735fc98697252bf0b17d79b
- SSDEEP: 6144:Ddnrsfcv+Q3KGZ+tJm5RliVL4KciREqBQPzF+eanHuU0LIyv5Vl0xq:KgkXm5zibmqBQPzEeqOUgHxB

- Snake Keylogger payload
- Disables RegEdit via registry modification
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/Banner.dll
- Size: 3KB
- MD5: 71eab837b047124129461cb97f39745b
- SHA1: 6af00ad38ee73303b39970c96859ab6fe7cae584
- SHA256: 46cbb2797870de12aaac717da5c9bb9e2fab20d42e562d6c3925865caea2e81b
- SHA512: 66aa810dc1cd6e8e45ddd62ac88a4999b1b9a3c61aded5054ac8374d2ef5403021fa6bb104eb75c1f6ff4fdde5bc026f00c83dcb166febaaa47bebae0366276e
- Score: 1/10

Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 10e8921a6e7f6a74671b07dc3bde626f
- SHA1: b7961066600ef193c5319dbeed3673dc60110a50
- SHA256: c85142f86e1ec02f7ef8d5ba31b22031de3de9a16bce519d5482b824afb277eb
- SHA512: 4c19a7e3117baeec3f6a7f9a33cfab392255741137406db87fe5ac24def7f9a28b2ed0fc26f0f46c5d43ba1bb6675dea74410a797bfd265e38812b042460aa00
- SSDEEP: 192:Q9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:QJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j
- Score: 3/10

Target: $PLUGINSDIR/UserInfo.dll
- Size: 3KB
- MD5: 3840a8875ee86c83b57b6e8eca96b013
- SHA1: aeb5cd350b9bcc2e2903cf35da550e1223efead6
- SHA256: b99a9f1783fa8156ce4480367e7b059b949fe083dbe66c7dc03e6bcc16f83f8b
- SHA512: d0d1ebe62916b2e36664256f7e3d1009f8a928bccf0775943f6416255942fb5ac016b8459fc8fb91fd2a3ffb3272e3350578f12e1b5b40a44095ba6fc6f861c1
- Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
- Size: 9KB
- MD5: 800aa26b2eb417363bf7ec155cd6c845
- SHA1: eaec626eefb36850a90c3ffaa7eab1b8750aad1d
- SHA256: c40817e6948ff1b6e1983ef9dd4f21394a81336e9fe2aea826eafe02a8df047e
- SHA512: 2714bbaa04f481ac6fd83f64106688299d34e6af33d3e13b890c1ca72b0570b9867d427deaab48ae1ee3fe836976f9ac4dac12feb1624787b6fb2787c8db9577
- SSDEEP: 96:GIKf21CuHq37MPuQ7rA9auHav8ZwK03cONByZyImHcAqgvB05CZnthgvsSluspKd:G5Om342wrA5apH3/NYmciACZUEEpU
- Score: 3/10

Target: $PLUGINSDIR/nsExec.dll
- Size: 6KB
- MD5: 520d07e4bdab538c87b797d687717639
- SHA1: 569e5afdeee3cd6b2a77f715828ccb97b470f5fa
- SHA256: 9bf2482d0cdd486e1ec6d21eec00ac95538a7513a7f3c3ba117f7bf21a2b8f2d
- SHA512: 2302618d7b22913b11b1127378109f476de60f4231de377c5d0509b332e47efc12ca3294f3b36621eb7eb5b62b0a9ca98b5ef9692a807de58efd753594ab0185
- SSDEEP: 96:Jt4Vl/7Lo1UBrob9ljNEUgD7cyuM1x9XkraK2A2KAB5VVDyssKZ:Jt4Vlw1Iul5J8T1vK20I5VVGsb
- Score: 3/10