General
Target: SecuriteInfo.com.Win32.DropperX-gen.25536.280.exe
Size: 6KB
Sample: 221123-ml5a1sed68
MD5: 34abbef1de3ceadeba78308423309942
SHA1: 4429e74bbc0481dda5dfe4945b2cef4e78b84166
SHA256: 5c808f0920131d45867eceb3aedd79c4bc90d496ce2a67f2eb12081eb59af9be
SHA512: 994bf0f0e2b063a60ef47e249fbc93d81e0596996fd3c0388990db4618babe828a0e008d7d04d0bee7f695cc78e6864b120da42a290626604089d4bffb382151
SSDEEP: 96:Ssk3ueywSKVOMhFJs3DBTBpIkEsSTzNt:Sb1sMH6/C1
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.DropperX-gen.25536.280.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win32.DropperX-gen.25536.280.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: SecuriteInfo.com.Win32.DropperX-gen.25536.280.exe
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext