General
-
Target
PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
-
Size
610KB
-
Sample
240702-ka911sxgnm
-
MD5
fe67d87f3efefadb38a76aca77820504
-
SHA1
08c9f9f3c9be5b3fb9fbe6dfc3b6875323c3a4ad
-
SHA256
b740d4c07f1bfd42085caf8c5df442634f5415bcaffe2050c52a0f3379a5f03f
-
SHA512
b19a43da549d0234b1aedc718eef6781d9f5fe7d06eb41fdb0a19b9d35c7627f660b9c956e2411fe94fe5d97ab7c273ef83ecc168c1ae1d28d683433e14414da
-
SSDEEP
12288:xOaEg1tQwjJ3pOpHY2/KCnmJMh9NbMAs0Dmf5a93CjUlNqph:xpPtQwj7OhmJMh7b1siSKsU3y
Static task
static1
Behavioral task
behavioral1
Sample
PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
snakekeylogger
https://api.telegram.org/bot7049924735:AAGvjcq8A7Onlbh1XDN_9YUW9tENxnyOWZ4/sendMessage?chat_id=5144477649
Targets
-
-
Target
PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
-
Size
610KB
-
MD5
fe67d87f3efefadb38a76aca77820504
-
SHA1
08c9f9f3c9be5b3fb9fbe6dfc3b6875323c3a4ad
-
SHA256
b740d4c07f1bfd42085caf8c5df442634f5415bcaffe2050c52a0f3379a5f03f
-
SHA512
b19a43da549d0234b1aedc718eef6781d9f5fe7d06eb41fdb0a19b9d35c7627f660b9c956e2411fe94fe5d97ab7c273ef83ecc168c1ae1d28d683433e14414da
-
SSDEEP
12288:xOaEg1tQwjJ3pOpHY2/KCnmJMh9NbMAs0Dmf5a93CjUlNqph:xpPtQwj7OhmJMh7b1siSKsU3y
Score10/10-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-