General
-
Target
090000009009.exe
-
Size
833KB
-
Sample
210121-xhj8ps5kqn
-
MD5
971e6106de288df8941717950c47246f
-
SHA1
8e3a11a580fe8ec92b248cddff95da83bbe47945
-
SHA256
a34a8d989da203aeba58a9e077a12ae65da172bd5635d6ec112f49411a5f29a5
-
SHA512
52eff3720ff3ba180a0e357b99fcd4270a8a638a6950f06c9d5735a53593e4d094d976876ae4255fc98ef83b3199068641cf443281d7b0aad22c1bd085fbb20f
Static task
static1
Behavioral task
behavioral1
Sample
090000009009.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
090000009009.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
090000009009.exe
-
Size
833KB
-
MD5
971e6106de288df8941717950c47246f
-
SHA1
8e3a11a580fe8ec92b248cddff95da83bbe47945
-
SHA256
a34a8d989da203aeba58a9e077a12ae65da172bd5635d6ec112f49411a5f29a5
-
SHA512
52eff3720ff3ba180a0e357b99fcd4270a8a638a6950f06c9d5735a53593e4d094d976876ae4255fc98ef83b3199068641cf443281d7b0aad22c1bd085fbb20f
Score10/10-
Snake Keylogger Payload
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetThreadContext
-