General
-
Target
RFQ_SFOETH12.js
-
Size
15.0MB
-
Sample
221129-ycf3lsaa37
-
MD5
99f728765a4ae0fc51ab185ba04ce20b
-
SHA1
e7cf5edfebc4f20fab627c220b23af298767e6b2
-
SHA256
b7d8eb2c8c03c3a117cf98e370e11237ae4c9b0de9d7401b20a1e091099374c2
-
SHA512
1cde7973b24f205a5d3f4091bd22af3267eb37d8a404e03417b149b734d0ef3a5a9379210ca0a3810aa9f541fa52a56710ef6ce171f2a871c9504003cbb8b57b
-
SSDEEP
24576:qFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF+:
Static task
static1
Behavioral task
behavioral1
Sample
RFQ_SFOETH12.js
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
RFQ_SFOETH12.js
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
RFQ_SFOETH12.js
-
Score
10/10
-
Snake Keylogger payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-