General
Target: PAYMENT SLIP.exe
Size: 779KB
Sample: 230610-l4hpasfd2x
MD5: 03c1b222e9f3d90eb2ce65ad841d54bc
SHA1: 1d0c76b27d4ea89bdf7ea47ee8c3dfe471ae82ed
SHA256: 1812c3277ccac3444894057b94558c452df3331202279a65bc5200048a003b3f
SHA512: 7fc461c21a4ac567e6128bf646b1b23c55d33e22994fb3ef0f19d243fe96b33cf57a2e4e2efd6d5d16a382e7e64d403687c6d1c4c29007c8fa4b2f03f76b69e0
SSDEEP: 24576:rMpeQHlWxMiQW/O4ue77bN5pszSEFsPq/Cj:8PlYMiQWmS77bLYFsPqM
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT SLIP.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: PAYMENT SLIP.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: PAYMENT SLIP.exe
Score: 10/10
Snake Keylogger payload
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext