General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.12909.25792.exe
-
Size
726KB
-
Sample
221129-w6ltvaha9z
-
MD5
ba53e0bd6c2af2f5b168db207c478fb6
-
SHA1
aa35a6b2e0d42a23a709bcdd290f6bb6c9f784bc
-
SHA256
fcef21e6ba3158cc6145ac3314e35f40507b66794a9b9ed4e6e72cb08abba4d4
-
SHA512
831c6c0f399d8f9370818fefbf6ba21a9da1855ba795c050d349d691c9f874e25390691b5f610bdcac1919faa09d2fbc713924fe5685d09b853cc51b9d74c155
-
SSDEEP
12288:wOvE1BqvgXaa6gjv3gsnZzGdS13Rrq20HB7+GpqHES2+QZJ:61BqvgXN6gjIOzF1020hyOqhDQZ
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.12909.25792.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.12909.25792.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.12909.25792.exe
-
Score
10/10
-
Snake Keylogger payload
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-