General
-
Target
S2H087654345678.exe
-
Size
241KB
-
Sample
230610-l3x3laef36
-
MD5
5dca4d12b350856aa163d3422e37fa5e
-
SHA1
bea4b3587b4e95e0137b75fb883b58be5b3d94f0
-
SHA256
4311267e7fc72741ebf8919143b3509f2c95d5cfa30c5b0a8c45c07501b7834f
-
SHA512
47e8e65079f8cf0d1109141c29945db29ff9eebece26e60c3eeb101a745801632c345e4c56bbad3a28f4cb565f96bb60d9ed3ddfb87e10f6c63e0c066e5b66f5
-
SSDEEP
6144:PYa6QVyouV/I+MR1GmWU3Vz01c0tN/AE+i4Xli:PYqzKI+MR1l6m0tN//+imi
Static task
static1
Behavioral task
behavioral1
Sample
S2H087654345678.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
S2H087654345678.exe
Resource
win10v2004-20230221-en
Malware Config
Targets
-
-
Target
S2H087654345678.exe
-
Snake Keylogger payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-