General
Target: PURCHASE DRAFT 01072024.exe
Size: 467KB
Sample: 240701-td7jqsyanc
MD5: 29e1467e979c85abfbdd3da6b09e6c16
SHA1: 9cfa0ebefbc7ae0a2a87c255cae34c9e3ce239c5
SHA256: 449bf249c170a1b3275c2a3ed45292244ecb49bf3be24ccef3809330de252d90
SHA512: 00d7f1882e48222a94107b01734c4225461c28b39e7ff67597061360a1965b278962d3020406f4bcd6d38609d61e687f1b17e4f11735fc98697252bf0b17d79b
SSDEEP: 6144:Ddnrsfcv+Q3KGZ+tJm5RliVL4KciREqBQPzF+eanHuU0LIyv5Vl0xq:KgkXm5zibmqBQPzEeqOUgHxB
Static task: static1
Behavioral task: behavioral1 (Sample: PURCHASE DRAFT 01072024.exe, Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: PURCHASE DRAFT 01072024.exe, Resource: win10v2004-20240508-en)
Malware Config
Extracted: snakekeylogger
C2 (Telegram Bot API sendMessage endpoint; the bot token in the path and the chat_id in the query are the exfiltration destination): https://api.telegram.org/bot7169426142:AAG_Nuf4vFdD3YALIW-rE-UaNUDVey15SPM/sendMessage?chat_id=1545867115
Targets
Target: PURCHASE DRAFT 01072024.exe (467KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- Snake Keylogger payload
- Disables RegEdit via registry modification
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
- Suspicious use of NtCreateThreadExHideFromDebugger (anti-debugging: creates a thread that is hidden from an attached debugger)
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: hides an existing thread from an attached debugger)
- Suspicious use of SetThreadContext (commonly used to redirect a suspended thread into injected code, as in process hollowing)
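The two findings an analyst most often has to act on from a report like this are the extracted Telegram C2 (above under Malware Config) and the "Disables RegEdit via registry modification" signature. The helper below is an added example, not code from the sandbox or from the malware: it turns the extracted Bot API URL into hunting indicators (bot id, full token for an abuse report, destination chat_id, defanged URL) and checks a registry export for the policy value that disables regedit.exe. The Telegram URL is the one the report extracted; the .reg text is constructed here, and the assumption that the sample sets DisableRegistryTools under the Policies\System key is mine (the report only states that RegEdit is disabled via the registry).

```python
"""Triage helpers for the extracted Snake Keylogger configuration and the
"Disables RegEdit via registry modification" signature from the report.

Added example, not code from the sandbox or the malware. The Telegram URL
is the one the report extracted; the .reg export below is constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

TELEGRAM_API_HOST = "api.telegram.org"

# Extracted C2 from the report: Snake Keylogger posts stolen data with the
# Bot API sendMessage method; the token identifies the bot, chat_id the
# receiving account.
EXTRACTED_C2 = (
    "https://api.telegram.org/bot7169426142:"
    "AAG_Nuf4vFdD3YALIW-rE-UaNUDVey15SPM/sendMessage?chat_id=1545867115"
)

_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$"
)


def parse_telegram_c2(url: str) -> dict:
    """Split a Telegram Bot API URL into hunting indicators.

    Returns the numeric bot id, the full token (needed for an abuse report
    to Telegram), the API method, the destination chat_id and a defanged
    copy of the URL for tickets. Raises ValueError for anything that is
    not an https Bot API endpoint.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != TELEGRAM_API_HOST:
        raise ValueError(f"not a Telegram Bot API URL: {url!r}")
    match = _BOT_PATH.match(parts.path)
    if match is None:
        raise ValueError(f"unexpected Bot API path: {parts.path!r}")
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "host": parts.hostname,
        "bot_id": int(match["bot_id"]),
        "token": f"{match['bot_id']}:{match['secret']}",
        "method": match["method"],
        "chat_id": chat_id,
        "defanged": url.replace("https://", "hxxps://", 1)
                       .replace(TELEGRAM_API_HOST, "api[.]telegram[.]org", 1),
    }


# Policy key that Windows consults before starting regedit.exe. Assumption
# (not stated in the report): the sample sets DisableRegistryTools here,
# which is the standard way to disable RegEdit through the registry.
POLICY_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"

# Constructed .reg export of an infected user's hive (example data).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"""

_KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9A-Fa-f]{8})\s*$')


def regedit_disabled(reg_export: str) -> bool:
    """True if the export sets DisableRegistryTools to a non-zero DWORD
    under a Policies/System key (HKCU or HKLM)."""
    current_key = ""
    for line in reg_export.splitlines():
        key = _KEY_LINE.match(line)
        if key:
            current_key = key["key"].lower()
            continue
        value = _DWORD_LINE.match(line)
        if (value and current_key.endswith(POLICY_KEY_SUFFIX)
                and value["name"].lower() == "disableregistrytools"
                and int(value["value"], 16) != 0):
            return True
    return False


if __name__ == "__main__":
    for name, val in parse_telegram_c2(EXTRACTED_C2).items():
        print(f"{name}: {val}")
    print("RegEdit disabled:", regedit_disabled(SAMPLE_REG_EXPORT))
```

The bot id is the part of the token before the colon and is safe to share in an IOC feed; the secret after it is what Telegram needs in an abuse report and what an analyst can use to confirm the bot is still live, so keep the full token out of shared tickets and paste the defanged URL instead. On a live host the same registry check is a one-liner against HKCU and HKLM; the .reg parser here exists so the logic can be exercised offline against an exported hive.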