General
Target: 0009089000900.exe
Size: 879KB
Sample: 210118-fxp9724pg6
MD5: 4551c0185df582b531e333d52333d6a9
SHA1: c9c11adb1b6c8b00a3b5ebb39a1407f88e376e80
SHA256: f8c6ac7a79dbbcdf8123c48bfa0d3e4917235f489fba0824c682781802f14fc2
SHA512: b09baf8ac2820567712190893fe88c2659dc73323930e2dbec2847c303cae39d30f500bf82e68163c84ca5c0de919dfadfe0c8e48449db7d90252b2c9bde215a
Static task: static1
Behavioral task: behavioral1
Sample: 0009089000900.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 0009089000900.exe
Resource: win10v20201028
Malware Config
Targets
Target: 0009089000900.exe
Score: 10/10
Snake Keylogger Payload
Drops startup file
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext