General
-
Target
tmp
-
Size
845KB
-
Sample
221129-vwt7sshh49
-
MD5
cdcefe2a9534f0cd4960906e3acabc89
-
SHA1
54505d3d097f37d94635698ccc828dd9bdf378a9
-
SHA256
ad7e23da6a9f779b2420c7e40293aa8f54e4b04a04c2a628a9d458de5bc54c06
-
SHA512
d8858c8d1af0873cae85bd7327da7ff5714672db8e425b5604008fc8a5477af1976aeac624bae3f8b84962e501ed8ba0f8353e346d07686c3d30bffffeb458e7
-
SSDEEP
12288:GorqU+xLBdwu8tKPLPysUAyt/fz3/yrEI5fLja9YvPZPDdzoa1cfN:D28e0l/bKEqfL+YnZPDdEPf
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Target
tmp
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-