General
- Target: Vsl's Particulars.exe
- Size: 430KB
- Sample: 221126-p7g4qaea76
- MD5: 19f682b3bc81726446548e1589eb1743
- SHA1: 4095b78585ad3334dee52a2aa0a4536f19858449
- SHA256: ed88fe1c402db7c228f49f7faf8370ca5688bbaf1bbdf2ac7dd2a95b9cb4fc36
- SHA512: 866a38685df18a3a7b4b741cd5fd1129aa6de3f07dc8da52c2f8c42c3b46c5b26f57ffd8dc850e4600467c6a134c52fd14f751e1f5a641bf3dc9995303e44054
- SSDEEP: 3072:7+Dfpf4I8ZZpSOs4PNdvr+1UjTsvY3h4I5UWIDRRineV3Kap/ObYOOt7POITGCo6:KmIMZUOJpq1B4UhDqe5pmboNNPonA4
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Vsl's Particulars.exe
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: Vsl's Particulars.exe
  - Resource: win10v2004-20221111-en
Malware Config

Targets
- Target: Vsl's Particulars.exe (same file as listed under General)
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext