General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.19575.15091.exe
-
Size
1.0MB
-
Sample
221128-g92xxage7t
-
MD5
3672cbf3d4df3e8b980ca53da0be22af
-
SHA1
056122bc3ff2e7fc0f7daf12c4bde24dab554aba
-
SHA256
093ae32e384e0781c6840738467880b8a18eeac99a9124e2b03431f054ccbba2
-
SHA512
fbda4615c2984b80db5e970422340912fb84b8a1e8de23c277ed42de36b07525879f0f45ef530989598c22ccf07e0098cadc5d8025a5e9eefc5f2b5cbd09ef7b
-
SSDEEP
24576:ukdGOopzAI3ZnpSLixvrpgDMBse8UOiJoLSwybN9X:v1opLNjeuse8UOxu3
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.19575.15091.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.19575.15091.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.19575.15091.exe
-
Snake Keylogger payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-