General
-
Target
000900000000900.exe
-
Size
958KB
-
Sample
210119-yrat1s1yex
-
MD5
9986f70e963e69f4e25ec67cc0a0b66a
-
SHA1
0f3c4623479f32e809212b08d32b944ffc522857
-
SHA256
438fdfe2373cc3461f9294fab147d74beae972ad80620002d60ccd6f27f8c966
-
SHA512
a23c62e62bd7fafd8b40611847c893cba459e3db794678d3fdc7b5208b789b32b30fac332b8cfef03a9bff76c83391bece184a11b46aed80b3b80aab389c295f
Static task
static1
Behavioral task
behavioral1
Sample
000900000000900.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
000900000000900.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
000900000000900.exe
Score
10/10
-
Snake Keylogger Payload
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-