General
Target: 041c5a311445f3041b528f16d36805cb3c60320c2b79c8c8f43aee32e46e48ab_JC.exe
Size: 326KB
Sample: 231006-pcq35sdc76
MD5: a3f30742d129cec41cc7855cbd20403d
SHA1: 110cbb3899289b0f480a6bc641af892afb2568e3
SHA256: 041c5a311445f3041b528f16d36805cb3c60320c2b79c8c8f43aee32e46e48ab
SHA512: a7569a005efe96eeb5f707678492f8260944d60674b01cbabc377a23a38150d1b4a0a23c1aca4f1c31064fdafd45d6e7694bb3c9e3942e54f04b587a7dc03469
SSDEEP: 6144:UnPdudwD/EVDiex5+9CbK7ARtOEhmz13Nr2aRzSPa+YwIAWILW7:UnPdLbej+Qe7DSc13NKaoY97
Static task: static1
Behavioral task: behavioral1
Sample: 041c5a311445f3041b528f16d36805cb3c60320c2b79c8c8f43aee32e46e48ab_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 041c5a311445f3041b528f16d36805cb3c60320c2b79c8c8f43aee32e46e48ab_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Targets
-
Snake Keylogger payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-