snakebot | 8fa72d02675d6c3da7374ad0e00b5fe076c0ac84bde0d6d1b2be5824beaee689

Sharing

Copy URL

Twitter E-mail

General

Target

VastGen-PROD.zip
Size

40.7MB
Sample

231008-x4qkpafe3x
MD5

f4c2ec0c4bd2be2aa15e71a783b3c5ed
SHA1

4e98a51e00c428326829c6bad9a1dd91adbac88f
SHA256

8fa72d02675d6c3da7374ad0e00b5fe076c0ac84bde0d6d1b2be5824beaee689
SHA512

634d928a201b894b3365aca40a95d721903c62804f624ae22efbe35462a9f421cc0f73a01c0e7c5cf457239f9011b8f885d1dfcd637498d4a013ebcf7b7dc9bf
SSDEEP

786432:YOKoGQCWHqiiVoMHbTr5ydW5VvQCH7GLGuXaA7DiOj+OyAzfgSMhqPe9bwJOBNPq:YOKo7RAiM7Tr5ia5H6L3ZDj+OyA12qPB

Score

10^/10

Malware Config

Targets

- Target
  
  VastGen.exe
- Size
  
  36.4MB
- MD5
  
  4fc026bd21c123091fd65614ffb34697
- SHA1
  
  5badea2f62d005488e2b7bc383fa4b30d5099298
- SHA256
  
  556e4e5d8aefc825901a2b5ca83bc94e228f285848a076074ac061091c64a80f
- SHA512
  
  726e2be81ff17f187c766bad3c2a56ac94312963fbf4fb03bcfa559a8ca68c22cca2ad260bd7bdfe49921d79cb4d1b2108081e4ddfd12fd199ddfb46c4ae1e97
- SSDEEP
  
  786432:LQclfQD4sbb0fOHzeMKVxzx5QL73C9/JqrYEap9Wm+EpJs5zoVErf:LQYoRb+OHzDCd5QL7y9p3p9Wm+YYzoVe
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  main.pyc
- Size
  
  14KB
- MD5
  
  03700bc4b25e25e84a724382ef8eedf6
- SHA1
  
  66a3f6b58c4de2b70dbf8b8aaffdb77594211051
- SHA256
  
  7f45707138b84bcf5826bb040484ea120d8230e6e6a387d9fcaada9b1d4e60bd
- SHA512
  
  b78ca7bbdf2629dc714991b807c110e040bc893efff655ff3a4bb6a17a17143875a3802bc2b945d05a4bb7b9c298becf030834dc26fbd19ffd113c35d92a432b
- SSDEEP
  
  384:zqry3kQlrLiJld/r8VE6wC7ETeJaV8KWtQXs:zqra+l5h85Y3WQXs
Score

3^/10
behavioral3 behavioral4
- Target
  
  data/usernames.txt
- Size
  
  8.2MB
- MD5
  
  080e4f2554e1f7eb9f7fa4f4fbf59a3a
- SHA1
  
  7e46fb6d5cb053e4808a285c056d2246c076a1e6
- SHA256
  
  7d54721afa018d835ae7ec2ce96cb2f1240d14325683d14d2f3b31dd88ee17db
- SHA512
  
  e5d8c43a7df8e25890050e894a69a953cb7ea6ec56e817967679738eff3f7da99a10fa3730653a434c828164ed5b0cb2c0b5cd42fd9656eeb4c3aaf23e354294
- SSDEEP
  
  49152:a/GZ2z3hup05wWj1FtRUIH3/6tlESTbyA2T4Lj3LnPbEMWvu/l8k/YB0fw+oME0y:wdK1SZWKs1Q
Score

1^/10
behavioral5 behavioral6
- Target
  
  hsw-stuff/extensions/hsw.js
- Size
  
  542KB
- MD5
  
  1f7527670aa8e87f78443932a1df5d4c
- SHA1
  
  4c74fb298a990c14d822ab59d73027795109db2d
- SHA256
  
  941dd941c551a5dc7d460d9a1d06e8ee04626758de5cff1b813ebfd3399ed51e
- SHA512
  
  d119645f4b1a7aed350201b5bf02eff7a98e289324c569796c597ff5fc7d42cca5c56c301d690f978e2fcf6a7a36d19b0f6981de4d32f5a4b534df31ecea7478
- SSDEEP
  
  12288:cfFBxd9TlBUgWdfXoomMrOpR50hqIh6ilYTNA:cfT9JcXHrOpR5/Ih6iGTNA
Score

1^/10
behavioral7 behavioral8
- Target
  
  hsw-stuff/obf.js
- Size
  
  8KB
- MD5
  
  2a0b456947a5ba16148df6338f796562
- SHA1
  
  287d969defc6eda60e344624679f79938f3fbd4d
- SHA256
  
  147f4c168482b262d74d26e897051c02f41faaaa0304b347aabadf5dbf035775
- SHA512
  
  2b8ce1d099e2c1756d8c7bb902b963b05c9534ede7b9c2b4f95694a679418f0600ac3072de253ed9bc4d281c622d52c32157a39cfc07f5b92533781e7b7ae9ad
- SSDEEP
  
  192:IUw1rDUafjokkyIyLKjyFchPxNEpkWy6X/FWIMjMO8juZaKjDg4:SrDU2cVBuchPwpV3XNWI7O8juZaKjDg4
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10