General
-
Target
file.exe
-
Size
728KB
-
Sample
210131-pfcpy583gn
-
MD5
eefb1c56271032b3006a4842e81fec54
-
SHA1
ffbfd0f4e88e1f6f70eeaa40aa35d6823f29a91e
-
SHA256
83bd78187184fa6f40ef90d7fa8930f7f818092c681f38641ee66667bdd19fb7
-
SHA512
e2de422637ff62e10792ab5b399e6d23ac8196abf68dcb12467e5fccce36827cffd15f166010608e8250b3f0688d7ef8d1bece7d7753771168de9179e74aa997
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v20201028
Malware Config
Targets
-
Target
file.exe
-
Score
10/10
-
Snake Keylogger Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-