General
-
Target
dd368ffa260270c084b71839690763f08f5d184a98cf2967bed35bb3bc347505
-
Size
707KB
-
Sample
230721-trjptsfg81
-
MD5
4c0bbe6fd4bdfd0733a66badb6602699
-
SHA1
b0b9d106882aa35122bea0d1b8154872073462c0
-
SHA256
dd368ffa260270c084b71839690763f08f5d184a98cf2967bed35bb3bc347505
-
SHA512
ad2f023f76aa024f9a20afd067c38e648df36cfb5469f1f0fe89cc2a1bf621dd7a1c72e884ab136f09bdd0512336bbabc4a90e787025555f2076c0b870042d46
-
SSDEEP
12288:mb/zXljS/9PGMlj6KYqOnGV0worUs1Ag9CACJ3aZKDOcNA5av+BjgAC7RI:mb/z1jgPGMdYqvrorUsXQAKZNA46jgP+
Static task
static1
Behavioral task
behavioral1
Sample
dd368ffa260270c084b71839690763f08f5d184a98cf2967bed35bb3bc347505.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
dd368ffa260270c084b71839690763f08f5d184a98cf2967bed35bb3bc347505.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
Target
dd368ffa260270c084b71839690763f08f5d184a98cf2967bed35bb3bc347505
Score
10/10
-
Snake Keylogger payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-