General
Target: INVOICE-099990.exe
Size: 600KB
Sample: 210120-vl1s1p3c4e
MD5: 0a73075a58f055c2af0403ee35887b65
SHA1: c1b30a2d00436ff430153a80adf64b0c0005d774
SHA256: a8f2984d5f05f009985afc0368ed1203380b3df4676996140a57011365108aac
SHA512: 59e8af8503822bb5ef0d04ada0a1d0b3c08f5cc74878d64e26457db2757e759dc47ff8329e2612d610ac2fc35fd6fb57435620b74733e8a565f7b20f24201cb1
Static task: static1
Behavioral task: behavioral1 (Sample: INVOICE-099990.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: INVOICE-099990.exe, Resource: win10v20201028)
Malware Config
Targets
Score: 10/10
- Snake Keylogger Payload
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext