General
Target: S86P09876543567890.exe
Size: 170KB
Sample: 230610-l3rktafc9v
MD5: 91073d169ab02ba570d44b2a818a6247
SHA1: 5934c4bcb4d4933c36b13d83ec027a4e14837cf3
SHA256: e168f37e05b77098a7bbd948efc1120d030c6a95de6dd9aeaa1738f66d2fa1b3
SHA512: c04ce170221bb2139afc475301ba94c7f3d99d8dbcb284b5b6afae02753cc57661f34e6b3d0e3289a01bc8641bdcb2d6ba97dcdb8f0c32d7bdd38083dd1a7a27
SSDEEP: 3072:nfY/TU9fE9PEtu6uWy8bbCAxi8G15lUaM+Fk+HSfhsWupx+kX1zBF+VtAJ:fYa6QVye3TGe1+Fk+HSZ8B1FF+3u
Static task: static1
Behavioral task: behavioral1
Sample: S86P09876543567890.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: S86P09876543567890.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: S86P09876543567890.exe
Snake Keylogger payload
Loads dropped DLL
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext