General
Target: DOCUMENT.exe
Size: 724KB
Sample: 210201-xnvdtcp61e
MD5: 4f02d5935ccfe64bf137c263be9435de
SHA1: 76ac241f9537294e9a31ea3e21298c5e24e4fdd4
SHA256: d0474602ad9175e7c3f809b9af0bd8b0efeb89ae7b6561373b10bb2a344cfacd
SHA512: dca2ee7564b3940bc744e82f7445e14f953c746480a222b9966698cb807c46ef00ab47626a2e09b1c580b4b589f5b883e7d38b8277241c64515a19a845de80dd
Static task: static1
Behavioral task: behavioral1 (Sample: DOCUMENT.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: DOCUMENT.exe, Resource: win10v20201028)
Malware Config
Targets: DOCUMENT.exe (724KB; hashes as listed under General)
Score: 10/10
- Snake Keylogger Payload
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext