General
-
Target
bank_payment form.exe
-
Size
229KB
-
Sample
220521-jdhv9sage9
-
MD5
773aeb8b7d2c978f5e6827e3156a5115
-
SHA1
5cf948bc30bca89a8b32ed38c5c723cca13fa196
-
SHA256
32e3f433b732245bcd8a27d204a770fc82d70010f3cb1549dc91f04d24849941
-
SHA512
5b76cc3802f7809bbb389048358bb0374273406492445c75abe301342ba9b7833f613073e7c5eda4e1d249b947822d6ffdba10735685ff0825055cd2b4a8b376
Static task
static1
Behavioral task
behavioral1
Sample
bank_payment form.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bank_payment form.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
bank_payment form.exe
-
Score
10/10
-
Snake Keylogger Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-