General
Target: IMG_25579.doc
Size: 1.0MB
Sample: 210120-v3flmgfvlx
MD5: 9e084497b2eccc1b7b5a06327c58da66
SHA1: a7c8f1d8ca2bb54214611445708270f19cea5bd6
SHA256: 7ee5fb764d9e66297d7cef858020c2599195d6227032bca40727cd220473c903
SHA512: 569b29b7e86efbaeccf0781f3d040797f5ed7202495489f3bdb40861c8a341c9aaf6e827f03d22af05a0396b653c78bc97342f4d88fa1c1b3094ef2b38955b73
Static task: static1
Behavioral task: behavioral1
  Sample: IMG_25579.doc
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: IMG_25579.doc
  Resource: win10v20201028
Malware Config
Targets
Target: IMG_25579.doc
Score: 10/10
Signatures:
- Snake Keylogger Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (commonly seen in process hollowing and other code-injection techniques).
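The signatures above are behavioral: each corresponds to a pattern of file, network or API activity the sandbox observed. The following is an added example, not Triage's own signature engine and not code from the sample, that maps a small constructed trace of sandbox-style events to the same signature names so an analyst can see what each one is keyed on. The event tuple format, the process names, the file paths and the list of IP-lookup hosts are all assumptions for illustration.

```python
"""Map sandbox-style events to the behavioral signatures listed in this report.

Added example; the signature logic here is a simplification written for this
page, not Triage's implementation. Every event below is constructed.
"""
import re
from collections import OrderedDict

# Hypothetical trace as (event_type, process, target) tuples, constructed for
# this example; "sample.exe"/"svc.exe" are placeholder names, not from the report.
SAMPLE_EVENTS = [
    ("file_write", "sample.exe", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"),
    ("process_create", "sample.exe", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"),
    ("file_read", "svc.exe", r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("file_read", "svc.exe", r"C:\Users\u\AppData\Roaming\FileZilla\recentservers.xml"),
    ("file_read", "svc.exe", r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\x1.default\logins.json"),
    ("file_read", "svc.exe", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("http_request", "svc.exe", "http://checkip.dyndns.org/"),
    ("api_call", "svc.exe", "SetThreadContext"),
    ("file_read", "explorer.exe", r"C:\Users\u\Documents\notes.txt"),  # benign noise
]

# Stateless rules: signature name -> (event type, regex applied to the target).
# The path fragments and lookup hosts are assumptions about where these
# programs keep their data / which services stealers commonly query.
PATH_RULES = [
    ("Reads data files stored by FTP clients", "file_read",
     re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)),
    ("Reads user/profile data of local email clients", "file_read",
     re.compile(r"\\(Thunderbird\\Profiles\\|Microsoft\\Outlook\\)", re.I)),
    ("Reads user/profile data of web browsers", "file_read",
     re.compile(r"\\(Google\\Chrome|Mozilla\\Firefox|Microsoft\\Edge)\\.*\\"
                r"(Login Data|logins\.json|Cookies|cookies\.sqlite)$", re.I)),
    ("Drops startup file", "file_write",
     re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    ("Looks up external IP address via web service", "http_request",
     re.compile(r"^https?://(checkip\.dyndns\.org|api\.ipify\.org|ip-api\.com|icanhazip\.com)(/|$)", re.I)),
    ("Suspicious use of SetThreadContext", "api_call",
     re.compile(r"^SetThreadContext$")),
]


def match_signatures(events):
    """Return an ordered mapping: signature name -> list of (process, target) hits.

    One rule is stateful: "Executes dropped EXE" fires only when a
    process_create target was written to disk earlier in the same trace.
    """
    hits = OrderedDict()
    dropped = set()
    for ev_type, proc, target in events:
        if ev_type == "file_write":
            dropped.add(target.lower())
        if ev_type == "process_create" and target.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append((proc, target))
        for name, wanted_type, pattern in PATH_RULES:
            if ev_type == wanted_type and pattern.search(target):
                hits.setdefault(name, []).append((proc, target))
    return hits


if __name__ == "__main__":
    for name, matches in match_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for proc, target in matches:
            print(f"      {proc} -> {target}")
```

The benign explorer.exe read matches nothing, and the Thunderbird logins.json is credited to the email-client rule only because the browser rule is anchored to a browser profile directory; in a real ruleset the signature names in this report would be backed by a much larger path and host list than the handful shown here.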