General
-
Target
FYRERTY9876789.exe
-
Size
339KB
-
Sample
230610-l3q92sfc9t
-
MD5
2425462d4d190b94ad8e1470cde3e037
-
SHA1
4532867389682e6baa4380d8d1c25aef9820b836
-
SHA256
132f4b687fca2ea6031d2c08c51ffb634bbed67545c0a2e8f62c1e0e137782a2
-
SHA512
32c9e18d0d7b6143bb84cc9114c974c8edbd5d57344c63906304a0b027b0b37645f4cb3e9ec6c622384747718169e34110069e9ac4ded7b9c028c3bb52457ffa
-
SSDEEP
6144:/Ya6lTfu5+D+QJnnxwjIRjnnqHUut6f15pEnBXU7kMQKIgackKb+MV/9sdn:/Y3TRJXtnqbEqQzQKIwV/9sdn
Static task
static1
Behavioral task
behavioral1
Sample
FYRERTY9876789.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
FYRERTY9876789.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
FYRERTY9876789.exe
-
Score
10/10
-
Snake Keylogger payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-