General
-
Target
Order IMG_501032.doc
-
Size
622KB
-
Sample
210120-ykvwvvasdn
-
MD5
7245e4053bd911622d0f073739a36c1e
-
SHA1
775948cde14fdf9a0bf375cd5a3dbb07cf7a1aa7
-
SHA256
d52ad198b3121b0cf748339177fb2987b198cf27c82c0d7ffbb26418557a9a89
-
SHA512
241a2b1e1bb682ee936dfb90e95631bb106bc7521503befc4f3ea22d4bb6da3de117259f8827c23970d271f13fb83cb1abd778721b35a30398aed572701efbe8
Static task
static1
Behavioral task
behavioral1
Sample
Order IMG_501032.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Order IMG_501032.doc
Resource
win10v20201028
Malware Config
Targets
-
-
Target
Order IMG_501032.doc
-
Size
622KB
-
MD5
7245e4053bd911622d0f073739a36c1e
-
SHA1
775948cde14fdf9a0bf375cd5a3dbb07cf7a1aa7
-
SHA256
d52ad198b3121b0cf748339177fb2987b198cf27c82c0d7ffbb26418557a9a89
-
SHA512
241a2b1e1bb682ee936dfb90e95631bb106bc7521503befc4f3ea22d4bb6da3de117259f8827c23970d271f13fb83cb1abd778721b35a30398aed572701efbe8
Score10/10-
Snake Keylogger Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-