General
Target: S98654567800.exe
Size: 170KB
Sample: 230610-l3cfwsfc8y
MD5: 5f78f6a5f014afd112e936f3a6772b54
SHA1: 0b3b9a3e6c45e539bfcab23067584b63f0530c20
SHA256: 00bd5a737b4ef0194fe438d108ddfb902655eebc30810182a25f3468644d43bc
SHA512: 61f62116042e9206751d287af7decee6e05bb0f4b8d76dcfb060d110fd920a77d91d58f5b5bc3d5a9c0a6266cc6fe75a1f3c507c59dc57ac3be5aa360695cc0f
SSDEEP: 3072:VfY/TU9fE9PEtuCXwbqYTv19B5XzfQZzu9Ydxqadxw9pgybd+hnieUqf:ZYa6QXSfB9B5X7wzu9Y7rYjgyJmiG
Static task: static1
Behavioral task: behavioral1
  Sample: S98654567800.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: S98654567800.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: S98654567800.exe
- Snake Keylogger payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext