General
Target: RFQ (2).exe
Size: 1.2MB
Sample: 210119-516z1trv7e
MD5: d83147c1f2843a7debadb1c3c3c19d9d
SHA1: edb9c5c09ae378cf30611dc1b5e01ab10aea2615
SHA256: ff8d39974554acf40538107995f0f6b000be41747ca6c34dae415df33596d5a3
SHA512: ebf6c57062b60ae23f6d5504b2f02d6dc9688ca71dd23c4a219dfca27d42913a855a8b9022422fda67355ef031e747133a9da9013bafea32cfe43bd78d1ceca3
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ (2).exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: RFQ (2).exe, Resource: win10v20201028)
Malware Config
Targets: RFQ (2).exe (same file and hashes as listed under General)
Score: 10/10
- Snake Keylogger Payload
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext