General
Target: PO_28135_____.EXE.exe
Size: 6KB
Sample: 221129-kh6cssff7v
MD5: d434ad5325c7641a7a1cde635dfffc90
SHA1: 11614131f5859bf0aa5a29ce716f118fab7c0dc9
SHA256: 695e823587b2441ca95f76514ec7745ff78bf8dc5b3e153ca63e7d7a11d1a4f5
SHA512: 9391bae6d24306a081bcd396614f19a88c4a5614eaeff817567bb7dd5656388ba26e9dc9ad106058fdde8d40b6a9c0af6e6915ca3c30deae68fc9b726aff2bda
SSDEEP: 96:iE89uwlvKFhAXft4WvH7q6+1UknljiBm/4Nke4LH3GnUODL:iHXftbvbq6CljiBm/4GpHv0
Static task: static1
Behavioral task: behavioral1
Sample: PO_28135_____.EXE.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: PO_28135_____.EXE.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext